module
SPIP Unauthenticated RCE via porte_plume Plugin
| Disclosed |
|---|
| Aug 16, 2024 |
Disclosed
Aug 16, 2024
Description
This module exploits a Remote Code Execution vulnerability in SPIP versions up to and including 4.2.12.
The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input,
allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a
payload manipulating the templating data processed by the `echappe_retour()` function, invoking
`traitements_previsu_php_modeles_eval()`, which contains an `eval()` call.
The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input,
allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a
payload manipulating the templating data processed by the `echappe_retour()` function, invoking
`traitements_previsu_php_modeles_eval()`, which contains an `eval()` call.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.