CVE-2023-27372

Code Injection in packagist/spip/spip

Identifiers

CVE-2023-27372

Package Slug

packagist/spip/spip

Vulnerability

Code Injection

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Affected Versions

All versions before 3.2.18, all versions starting from 4.0.0 before 4.0.10, all versions starting from 4.1.0 before 4.1.8, version 4.2.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-07
