SPIP porte_plume - Unauthenticated PHP Code Execution
Exploitation Summary
CVE-2024-7954 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 10 public exploits, among them a Metasploit module (exploits/multi/http/spip_porte_plume_previsu_rce), from researchers including Chocapikk, gh-ost00, and bigb0x.
A Nuclei detection template is also available.
Description
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Exploits (10)
This repository contains a Python-based exploit for CVE-2024-7954, targeting an unauthenticated RCE vulnerability in SPIP's templating system via the `echappe_retour()` function and `eval()` call. The exploit includes payload preparation, command execution, and an interactive shell.
This PoC demonstrates an arbitrary code execution vulnerability in the porte_plume plugin used by SPIP versions before 4.30-alpha2, 4.2.13, and 4.1.16. The exploit involves sending a crafted HTTP POST request to execute arbitrary PHP code as the SPIP user.
This is a functional exploit for CVE-2024-7954, targeting SPIP 4.2.8 with unauthenticated remote command execution via a crafted POST request to the `porte_plume_previsu` endpoint. The script supports both single-target and bulk scanning modes.
This PoC demonstrates an arbitrary code execution vulnerability in the porte_plume plugin for SPIP. The exploit involves sending a crafted HTTP POST request with a malicious payload to execute arbitrary PHP code.
This PoC demonstrates an arbitrary code execution vulnerability in the porte_plume plugin for SPIP. The exploit involves sending a crafted HTTP POST request with embedded PHP code to execute system commands, such as 'cat /etc/passwd'.
This repository contains a detailed writeup and proof-of-concept for CVE-2024-7954, a critical Remote Code Execution (RCE) vulnerability in the SPIP CMS porte_plume plugin. The writeup describes the exploitation process, including reconnaissance, automated scanning, and manual validation, leading to unauthenticated RCE via crafted HTTP POST requests.
This repository contains a functional Python exploit for CVE-2024-7954, targeting SPIP CMS version 4.2.8. The exploit leverages unauthenticated RCE via the `porte_plume_previsu` endpoint by injecting PHP code through crafted image tags.
This repository provides a working proof-of-concept for CVE-2024-7954, an RCE vulnerability in the porte_plume plugin of SPIP versions prior to 4.30-alpha2, 4.2.13, and 4.1.16. The exploit involves a crafted POST request to execute arbitrary PHP code via the data parameter.
The repository describes an arbitrary code execution vulnerability in the porte_plume plugin of SPIP versions before 4.30-alpha2, 4.2.13, and 4.1.16. It states that unauthenticated attackers can execute arbitrary PHP code via crafted HTTP requests.
This Metasploit module exploits a Remote Code Execution vulnerability in SPIP versions up to 4.2.12 via the porte_plume plugin. It leverages improper input handling in the templating system to inject and execute arbitrary PHP code through an `eval()` call.
Nuclei Templates (1)
app="SPIP"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H