CVE-2024-7954

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Eval Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
spipspip
4.2.13 <
𝑥
< 4.2.13
spipspip
4.1.16 <
𝑥
< 4.1.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
spip
bullseye
3.2.11-3+deb11u10
not-affected
bullseye (security)
3.2.11-3+deb11u7
fixed
trixie
4.4.3+dfsg-1+deb13u1
fixed
forky
4.4.6+dfsg-1
fixed
sid
4.4.6+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
spip
questing
not-affected
plucky
not-affected
oracular
not-affected
noble
needed
jammy
needed
focal
needed
bionic
needed
xenial
needed
Common Weakness Enumeration
References
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/
https://vulncheck.com/advisories/spip-porte-plume