SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
id: CVE-2023-27372
info:
name: SPIP - Remote Command Execution
author: DhiyaneshDK,nuts7
seve
...