module
SPIP BigUp Plugin Unauthenticated RCE
| Disclosed |
|---|
| Sep 6, 2024 |
Disclosed
Sep 6, 2024
Description
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered
when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper
handling of multipart form data in file uploads, an attacker can inject and execute
arbitrary PHP code on the target server.
This critical vulnerability affects all versions of SPIP from 4.0 up to and including
4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code
remotely via the public interface. The vulnerability has been patched in versions
4.3.2, 4.2.16, and 4.1.18.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.