Skip to content

Commit 3b7b704

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent 62e8521 commit 3b7b704

File tree

1 file changed

+66
-0
lines changed

1 file changed

+66
-0
lines changed

db/modules_metadata_base.json

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110745,6 +110745,72 @@
110745110745
"session_types": false,
110746110746
"needs_cleanup": null
110747110747
},
110748+
"exploit_multi/http/spip_bigup_unauth_rce": {
110749+
"name": "SPIP BigUp Plugin Unauthenticated RCE",
110750+
"fullname": "exploit/multi/http/spip_bigup_unauth_rce",
110751+
"aliases": [
110752+
110753+
],
110754+
"rank": 600,
110755+
"disclosure_date": "2024-09-06",
110756+
"type": "exploit",
110757+
"author": [
110758+
"Vozec",
110759+
"Laluka",
110760+
"Julien Voisin",
110761+
"Valentin Lobstein"
110762+
],
110763+
"description": "This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP.\n The vulnerability lies in the `lister_fichiers_par_champs` function, which is triggered\n when the `bigup_retrouver_fichiers` parameter is set to any value. By exploiting the improper\n handling of multipart form data in file uploads, an attacker can inject and execute\n arbitrary PHP code on the target server.\n\n This critical vulnerability affects all versions of SPIP from 4.0 up to and including\n 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code\n remotely via the public interface. The vulnerability has been patched in versions\n 4.3.2, 4.2.16, and 4.1.18.",
110764+
"references": [
110765+
"CVE-2024-8517",
110766+
"URL-https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/",
110767+
"URL-https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html"
110768+
],
110769+
"platform": "Linux,PHP,Unix,Windows",
110770+
"arch": "ARCH_PHP, ARCH_CMD",
110771+
"rport": 80,
110772+
"autofilter_ports": [
110773+
80,
110774+
8080,
110775+
443,
110776+
8000,
110777+
8888,
110778+
8880,
110779+
8008,
110780+
3000,
110781+
8443
110782+
],
110783+
"autofilter_services": [
110784+
"http",
110785+
"https"
110786+
],
110787+
"targets": [
110788+
"PHP In-Memory",
110789+
"Unix/Linux Command Shell",
110790+
"Windows Command Shell"
110791+
],
110792+
"mod_time": "2024-09-08 07:52:40 +0000",
110793+
"path": "/modules/exploits/multi/http/spip_bigup_unauth_rce.rb",
110794+
"is_install_path": true,
110795+
"ref_name": "multi/http/spip_bigup_unauth_rce",
110796+
"check": true,
110797+
"post_auth": false,
110798+
"default_credential": false,
110799+
"notes": {
110800+
"Stability": [
110801+
"crash-safe"
110802+
],
110803+
"Reliability": [
110804+
"repeatable-session"
110805+
],
110806+
"SideEffects": [
110807+
"ioc-in-logs",
110808+
"artifacts-on-disk"
110809+
]
110810+
},
110811+
"session_types": false,
110812+
"needs_cleanup": null
110813+
},
110748110814
"exploit_multi/http/spip_connect_exec": {
110749110815
"name": "SPIP connect Parameter PHP Injection",
110750110816
"fullname": "exploit/multi/http/spip_connect_exec",

0 commit comments

Comments
 (0)