SPIP password reset serialization vulnerability

Added: 06/23/2023

Background

SPIP is a web-based publishing system written in PHP.

Problem

Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands.

Resolution

Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher.
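
The fixed releases above are per branch, so "or higher" has to be judged within a branch: 4.1.7 is numerically higher than 3.2.18 but still predates the 4.1 fix. The following check is an added example, not code from SPIP or from the referenced repository. The host names and inventory are constructed, and treating branches older than 3.2 as "unlisted" is an assumption, since the advisory names no fixed release for them.

```python
import re

# Fixed release per branch, from the Resolution line: (major, minor) -> patch
FIXED = {(3, 2): 18, (4, 0): 10, (4, 1): 8, (4, 2): 1}


def classify(version):
    """Return (status, fixed_release) for an SPIP version string such as '4.1.5'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised SPIP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        # Compare numerically: 4.0.9 < 4.0.10, which a string compare gets wrong.
        target = f"{major}.{minor}.{FIXED[branch]}"
        return ("fixed" if patch >= FIXED[branch] else "upgrade", target)
    if branch > max(FIXED):
        # Branch newer than 4.2, therefore higher than 4.2.1.
        return ("fixed", None)
    # Assumption: a branch with no fixed release listed needs manual review.
    return ("unlisted", None)


def needs_action(inventory):
    """Map each host that is not on a fixed release to its upgrade target."""
    findings = {}
    for host, version in inventory.items():
        status, target = classify(version)
        if status != "fixed":
            findings[host] = target or "no fixed release listed for this branch"
    return findings


# Constructed sample inventory (hypothetical hosts and versions)
INVENTORY = {
    "cms-a.example": "3.2.17",
    "cms-b.example": "4.1.8",
    "cms-c.example": "4.1.7",
    "cms-d.example": "4.0.9",
    "cms-e.example": "3.1.10",
    "cms-f.example": "4.3.0",
}

if __name__ == "__main__":
    for host, target in needs_action(INVENTORY).items():
        print(f"{host}: SPIP {INVENTORY[host]} -> {target}")
```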

References

https://github.com/nuts7/CVE-2023-27372

Platforms

Linux
