CVE-2024-8517 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
spip	spip	4.0.0 ≤ 𝑥 < 4.1.18
spip	spip	4.2.0 ≤ 𝑥 ≤ 4.2.15
spip	spip	4.3.0
spip	spip	4.3.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

spip

bullseye	3.2.11-3+deb11u10 not-affected
bullseye (security)	3.2.11-3+deb11u7 fixed
sid	4.4.3+dfsg-1 fixed
trixie	4.4.3+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

spip

plucky	not-affected
oracular	Fixed 4.3.1+dfsg-1ubuntu0.1 released
noble	needed
jammy	needed
focal	Fixed 3.2.7-1ubuntu0.1+esm2 released
bionic	Fixed 3.1.4-4~deb9u5ubuntu0.1~esm2 released
xenial	needed

Known Exploits!

Common Weakness Enumeration

CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

References

https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html

https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/

https://vozec.fr/researchs/spip-preauth-rce-2024-big-upload/

https://vulncheck.com/advisories/spip-upload-rce