CVE-2023-27372

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.2.1 SPIP versions 3.2.18 through 4.0.10 SPIP versions 4.1.8 through 4.2.1 SPIP version 3.2.11-3+deb11u7

Description SPIP is susceptible to a flaw related to the improper handling of untrusted data during memory restoration. Successful exploitation of this issue could allow a remote attacker to execute arbitrary code by submitting specially crafted data to the application. The issue stems from mishandling of serialization. Multiple reports indicate the existence of a Remote Code Execution (RCE) exploit, potentially leveraging the multi/http/spip bigup module.

Recommendations SPIP versions prior to 3.2.18: Upgrade to version 3.2.18 or later. SPIP versions 3.2.18 through 4.0.10: Upgrade to version 4.0.10 or later. SPIP versions 4.0.10 through 4.1.8: Upgrade to version 4.1.8 or later. SPIP versions 4.1.8 through 4.2.1: Upgrade to version 4.2.1 or later. SPIP version 3.2.11-3+deb11u7: No action is required.