CVEs-PoC/2024/CVE-2024-7954.md at 8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-12 21:42:20 +02:00

Files

T

0xMarcio 6a17b5b11e Update CVE sources 2024-08-30 20:52

2024-08-30 20:52:42 +00:00

Description

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

POC

Reference

https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/

Github

https://github.com/20142995/nuclei-templates
https://github.com/Chocapikk/Chocapikk
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/tanjiti/sec_profile
https://github.com/wy876/POC

980 B Raw Blame History

CVE-2024-7954

Description

POC

Reference

Github

980 B

Raw Blame History