CVE-2023-24258

CVSS V2 None CVSS V3 None

Description

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

Overview

CVE ID
CVE-2023-24258

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2023-02-27T21:15:11

Last Modified Date
2023-03-24T23:15:06

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:spip:spip::::::::	1	OR		4.1.5

References

Reference URL	Reference Tags
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html	Release Notes
https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md	Exploit Third Party Advisory
https://www.debian.org/security/2023/dsa-5325

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-24258
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24258

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 05:39:01				Added to TrackCVE
2023-04-17 05:39:04			Weakness Enumeration	new