CVE Vulnerabilities

CVE-2023-27372

Published: Feb 28, 2023 | Modified: Mar 11, 2025
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Affected Software

Name  Vendor  Start Version             End Version
Spip  Spip    *                         3.2.18 (excluding)
Spip  Spip    4.0.0 (including)         4.0.10 (excluding)
Spip  Spip    4.1.0 (including)         4.1.8 (excluding)
Spip  Spip    4.2.0 (including)         4.2.0 (including)
Spip  Spip    4.2.0-alpha (including)   4.2.0-alpha (including)
Spip  Spip    4.2.0-alpha2 (including)  4.2.0-alpha2 (including)
Spip  Ubuntu  bionic                    *
Spip  Ubuntu  esm-apps/bionic           *
Spip  Ubuntu  esm-apps/focal            *
Spip  Ubuntu  esm-apps/jammy            *
Spip  Ubuntu  esm-apps/xenial           *
Spip  Ubuntu  focal                     *
Spip  Ubuntu  jammy                     *
Spip  Ubuntu  kinetic                   *
Spip  Ubuntu  lunar                     *
Spip  Ubuntu  mantic                    *
Spip  Ubuntu  trusty                    *
Spip  Ubuntu  upstream                  *
Spip  Ubuntu  xenial                    *

References