CVE-2023-27372 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in SPIP affects v. before 4.2.1.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Domain, Ipv4
Toolbox
-
SPIP stands for Système de Publication pour l'Internet, and it is a free and open-source CMS (Content Management System) designed for building online magazines, collaborative projects, and corporate portals. SPIP is widely used for its user-friendly interface and robust features such as multilingual support, customizable templates, and advanced search tools. The CMS allows developers to manage and publish articles, blogs, forums, polls, and multimedia content, all with great ease and efficiency.
However, the CMS's version prior to 4.2.1 has a critical vulnerability known as CVE-2023-27372. This vulnerability occurs when SPIP mishandles serialization, which allows an attacker to execute remote code via form values in the public area. When exploited, the vulnerability gives an attacker the opportunity to perform actions as an authenticated user, leading to the complete compromise of the affected site.
CVE-2023-27372 can lead to significant consequences for organizations that use SPIP. For instance, an attacker could gain access to sensitive data, inject malware, deface the website, or use the compromised site to launch attacks on other websites. The vulnerability can also result in legal and reputational damage, as well as financial losses for organizations.
At securityforeveryone.com, we provide a platform that enables organizations to keep their digital assets secure and stay ahead of potential threats. With our pro features, organizations can quickly and easily learn about vulnerabilities in their websites and take proactive steps to address them. Our platform offers comprehensive security assessments, vulnerability scans, penetration testing, and security awareness training, among other services. Contact us today to learn more about how we can help keep your digital assets safe and secure.
REFERENCES
- http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html
- https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
- https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266
- https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d
- https://www.debian.org/security/2023/dsa-5367
control security posture