CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html	Release Notes
https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266	Patch
https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d	Patch
https://www.debian.org/security/2023/dsa-5367	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:spip:spip::::::::
	cpe:2.3:a:spip:spip::::::::
	cpe:2.3:a:spip:spip::::::::
	cpe:2.3:a:spip:spip:4.2.0:-::::::
	cpe:2.3:a:spip:spip:4.2.0:alpha::::::
	cpe:2.3:a:spip:spip:4.2.0:alpha2::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-02-28 20:15

Updated : 2023-06-21 18:15

NVD link : CVE-2023-27372

Mitre link : CVE-2023-27372

CVE.ORG link : CVE-2023-27372

JSON object : View

Products Affected

debian

debian_linux

spip

spip

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-27372", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-28T20:15:10.243", "references": [{"url": "http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html", "source": "cve@mitre.org"}, {"url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2023/dsa-5367", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1."}], "lastModified": "2023-06-21T18:15:12.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6C248E-6246-469B-858D-DB628B535BDA", "versionEndExcluding": "3.2.18"}, {"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67A687F-6F6C-4150-92BB-90A308B89B4A", "versionEndExcluding": "4.0.10", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4188B203-546F-4EE3-AD33-A31F3AF16B76", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:spip:spip:4.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55ECBAF-CDAB-4F7E-9BD1-BD9178732934"}, {"criteria": "cpe:2.3:a:spip:spip:4.2.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CED71D6-E720-4007-BEE3-B81CC4F5EDD2"}, {"criteria": "cpe:2.3:a:spip:spip:4.2.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0746C763-3FD4-4095-9F1C-9BEAE6E6E29B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}