CVE-2023-24258
PUBLISHED
CVSS 9.8 CRITICAL
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
EPSS 2.81% · 86.4th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.81%
86.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, n/a |
| spip | spip | 0, 0 |
Exploit Intelligence
- https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html (circl)
- DSA-5325 (circl)
- https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md (vulncheck-nvd)
Timeline
- Feb 27, 2023 CVE Published
- Feb 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 17, 2023 EPSS Score
- Jun 26, 2023 EPSS Score
- Sep 12, 2023 EPSS Score
- Oct 21, 2023 EPSS Score
- Nov 29, 2023 EPSS Score
- Feb 16, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jul 22, 2024 EPSS Score
References
- https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md url
- https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html url
- DSA-5325 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-24258 advisory