NOMISEC-bigb0x/CVE-2024-7954

NOMISEC WORKING POC

Exploit for CVE-2024-7954 - SPIP - RCE

AI Analysis

This is a functional exploit for CVE-2024-7954, targeting SPIP 4.2.8 with unauthenticated remote command execution via a crafted POST request to the `porte_plume_previsu` endpoint. The script supports both single-target and bulk scanning modes.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 4

https://github.com/bigb0x/CVE-2024-7954

Stars 6

Forks 2

Last Push Aug 28, 2024

Authors

bigb0x MohamedNab1l

Vulnerability

CVE-2024-7954

SPIP - RCE

CRITICAL

CVSS 9.8