发布于3月6日3月6日 Members SPIP form PHP Injection Disclosed 02/27/2023 Created 04/18/2023 Description This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are <3.2.18, <4.0.10, <4.1.18 and <4.2.1. Author(s) coiffeur Laluka Julien Voisin Platform Linux,PHP,Unix Architectures php, cmd Development Source Code History
