CVE-2023-27372
Public exploit
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Max CVSS
9.8
EPSS Score
97.35%
Published
2023-02-28
Updated
2023-06-21
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
Max CVSS
9.8
EPSS Score
0.18%
Published
2023-02-27
Updated
2023-03-24
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
Max CVSS
9.8
EPSS Score
2.81%
Published
2017-06-17
Updated
2017-11-04
3 vulnerabilities found