CVE-2022-37155
PUBLISHED
CVSS 8.8 HIGH
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter
EPSS 6.20% · 91.0th percentile
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
6.20%
91.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| spip | spip | 3.1.13 |
Exploit Intelligence
- https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md (nist-nvd)
- https://pastebin.com/ZH7CPc8X (nist-nvd)
- https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ (nist-nvd)
- https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html (circl)
Timeline
- Dec 13, 2022 CVE Published
- Dec 14, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Aug 22, 2023 EPSS Score
- Oct 3, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
- Feb 5, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- Jul 22, 2024 EPSS Score
References
- https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ url
- https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html url
- https://pastebin.com/ZH7CPc8X url
- https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.2/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md url
- https://nvd.nist.gov/vuln/detail/CVE-2022-37155 advisory
- https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022 url