module
SPIP BigUp Plugin Unauthenticated RCE
| Disclosed |
|---|
| Sep 6, 2024 |
Disclosed
Sep 6, 2024
Description
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.