Home > Vulnerability Database > CVE-2023-27372

Mend.io Vulnerability Database

CVE-2023-27372

Good to know:

Date: February 27, 2023

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Language: PHP

Severity Score

9.8

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27372

Url: https://security-tracker.debian.org/tracker/CVE-2023-27372

Url: https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d

Url: https://www.debian.org/security/2023/dsa-5367

Url: http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html

Url: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html

Url: https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266

Url: http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-27372

Severity Score

9.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v3.2.18, v4.0.10, v4.1.8, v4.2.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27372

Good to know:

Date: February 27, 2023

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?