NOMISEC-0dayan0n/RCE_CVE-2024-7954-

NOMISEC WORKING POC
Exploit for CVE-2024-7954 - SPIP - RCE
AI Analysis

This PoC demonstrates an arbitrary code execution vulnerability in the porte_plume plugin for SPIP. The exploit involves sending a crafted HTTP POST request with embedded PHP code to execute system commands, such as 'cat /etc/passwd'.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 2
Forks 1
Last Push Dec 28, 2024
Authors
0dayan0n
Vulnerability
CVE-2024-7954
SPIP - RCE
CRITICAL
CVSS 9.8