CVE-2023-27372

This exploit leverages a PHP code injection vulnerability in SPIP's `oubli` parameter, allowing unauthenticated remote code execution via crafted serialization payloads. It bypasses CSRF protection and executes arbitrary commands with web user privileges.

This repository contains a functional exploit for CVE-2023-27372, an unauthenticated RCE vulnerability in SPIP < 4.2.1. The exploit leverages a PHP deserialization flaw in the password reset feature to inject arbitrary PHP code via the 'oubli' parameter.

This repository contains a functional exploit for CVE-2023-27372, a remote code execution vulnerability in SPIP < 4.2.1. The exploit leverages a deserialization flaw in the password reset functionality to execute arbitrary commands on the target system.

This repository contains a functional exploit for CVE-2023-27372, a deserialization flaw in SPIP's password reset feature. The exploit leverages improper input validation in the `protege_champ` function to achieve remote code execution via crafted serialized payloads.

This repository contains a functional Python exploit for CVE-2023-27372, a remote code execution vulnerability in SPIP CMS. The exploit leverages the 'oubli' parameter to execute arbitrary commands without authentication.

This repository contains a functional Python exploit for CVE-2023-27372, an unauthenticated RCE vulnerability in SPIP CMS < 4.2.1. The exploit leverages a cache poisoning flaw in the password reset mechanism to upload a web shell via a crafted serialized payload.

This repository contains a Python script that checks for the presence of CVE-2023-27372 in SPIP installations by sending a crafted POST request and verifying the response for indicators of vulnerability. It supports both single URL and batch URL scanning via a text file.

The repository contains only a minimal README with no exploit code, technical details, or functional proof-of-concept. It is a placeholder with no substantive content.

This repository contains a functional Python exploit for CVE-2023-27372, an unauthenticated RCE vulnerability in SPIP < 4.2.1. The exploit leverages PHP object injection via the `oubli` parameter in the password reset form, executing arbitrary commands and reflecting output in the response.

This repository contains a Docker-based lab environment for SPIP CMS and a Python-based scanner to safely verify the presence of CVE-2023-27372 without executing destructive actions. The scanner checks for the vulnerability via the password recovery endpoint (`spip.php?page=spip_pass`).

This repository contains a functional Python exploit for CVE-2023-27372, targeting SPIP CMS. The exploit leverages a deserialization vulnerability in the password reset functionality to achieve remote code execution (RCE) by injecting malicious PHP code.

The repository contains a functional Python script that exploits CVE-2023-27372, a remote code execution vulnerability in SPIP. The script automates the process of extracting a CSRF token and sending a crafted payload to execute arbitrary commands (e.g., 'whoami') on the target system.

This repository contains a functional exploit for CVE-2023-27372, targeting SPIP versions before 4.2.1. The exploit leverages a deserialization vulnerability in the 'oubli' parameter to achieve remote code execution (RCE) by injecting a crafted PHP payload.

This repository contains a functional exploit for CVE-2023-27372, a deserialization vulnerability in SPIP's password reset feature. The PoC demonstrates RCE by crafting a malicious serialized payload and leveraging the flawed `protege_champ` function.

The repository contains only a README file with minimal content, stating that all POCs come from the internet, but no actual exploit code or technical details are provided.

This Metasploit module exploits a PHP code injection vulnerability in SPIP via the 'oubli' parameter, allowing unauthenticated RCE. It supports multiple targets including PHP in-memory, Unix/Linux, and Windows command shells.