# N/A
## 漏洞概述
SPIP版本早于4.2.1的远程代码执行漏洞,源于公有区域表单值中的序列化处理不当。
## 影响版本
- 早于4.2.1的所有版本
## 漏洞细节
在SPIP版本4.2.1之前的版本中,由于公有区域中的表单值序列化处理不当,攻击者可以通过操纵这些表单值执行远程代码。
## 影响
- 受影响版本包括低于4.2.1的所有版本。已修复版本为3.2.18、4.0.10、4.1.8及4.2.1。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | https://github.com/nuts7/CVE-2023-27372 | POC详情 |
| 2 | SPIP Vulnerability Scanner - CVE-2023-27372 Detector | https://github.com/Chocapikk/CVE-2023-27372 | POC详情 |
| 3 | This is a PoC for CVE-2023-27372 which spawns a fully interactive shell. | https://github.com/0SPwn/CVE-2023-27372-PoC | POC详情 |
| 4 | CVE-2023-27372-SPIP-CMS-Bypass | https://github.com/izzz0/CVE-2023-27372-POC | POC详情 |
| 5 | Perform With Mass Remote Code Execution In SPIP Version (4.2.1) | https://github.com/ThatNotEasy/CVE-2023-27372 | POC详情 |
| 6 | This is a PoC for CVE-2023-27372 and spawns a fully interactive shell. | https://github.com/redboltsec/CVE-2023-27372-PoC | POC详情 |
| 7 | spip | https://github.com/Jhonsonwannaa/CVE-2023-27372 | POC详情 |
| 8 | None | https://github.com/1amthebest1/CVE-2023-27372 | POC详情 |
| 9 | None | https://github.com/inviewp/CVE-2023-27372 | POC详情 |
| 10 | spip | https://github.com/dream434/CVE-2023-27372 | POC详情 |
| 11 | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27372.yaml | POC详情 |