ГлавнаяУязвимости → CVE-2024-7954
9.8критическая

CVE-2024-7954

→ есть в БДУ: BDU:2024-07708 (на русском)
Описание (на английском; русское — в БДУ выше)

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.htmlhttps://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/https://vulncheck.com/advisories/spip-porte-plume