CVE Database · CVE-2023-27372
CVSS v3.1: 9.8
EPSS: 99.66%
Published: Feb 28, 2023
Modified: Mar 11, 2025
Public PoC / Exploit (3)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
Affected Products (7)
References (14)