Unrated severity · NVD Advisory · Published Feb 28, 2023 · Updated Mar 11, 2025
CVE-2023-27372
Description
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
References
- www.debian.org/security/2023/dsa-5367 (mitre, vendor-advisory)
- packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html (mitre)
- packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html (mitre)
- blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html (mitre)
- git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 (mitre)
- git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d (mitre)