← Back

CVE-2023-27372

nvd nistnuclei
Published: Feb 28, 2023Modified: Mar 11, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Affected (7)

Products: Spip: Spip · Debian: Debian Linux
Spip
1 product
Spip
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Spip
Spip
Before 3.2.18
Spip
From 4.0.0 to 4.0.10
Spip
From 4.1.0 to 4.1.8
Spip
Version 4.2.0
Spip
Version 4.2.0 alpha2
Spip
Version 4.2.0 alpha
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.