← All tools

CVE-2023-27372

https://github.com/nuts7/CVE-2023-27372

Free

Categories

Exploitation Web Application

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Keywords

cve cve-2023-27372 cve2023 deserialization exploit nuclei nuclei-templates php poc rce remote-code-execution spip vulnerability web-hacking python

Screenshots

Example Usage

❯ ./CVE-2023-27372.py -h
usage: CVE-2023-27372.py [-h] -u URL -c COMMAND [-v]

Poc of CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution by nuts7

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     SPIP application base URL
  -c COMMAND, --command COMMAND
                        Command to execute
  -v, --verbose         Verbose mode. (default: False)