module
SPIP BigUp Plugin Unauthenticated RCE
| Disclosed | Created |
|---|---|
| 2024-09-06 | 2024-09-11 |
Disclosed
2024-09-06
Created
2024-09-11
Description
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
Authors
Vozec
Laluka
Julien Voisin
Valentin Lobstein
Laluka
Julien Voisin
Valentin Lobstein
Platform
Linux,PHP,Unix,Windows
Architectures
ARCH_PHP, ARCH_CMD
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.