CVE-2024-7954

Critical

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A…

VulnCheck·CWE-95·Published 2024-08-23

CVSS

9.8

EPSS

0.90

KEV

Exploits

cve.orgen

250 chars

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

NVDen

250 chars

NVDes

280 chars

El complemento porte_plume utilizado por SPIP antes de 4.30-alpha2, 4.2.13 y 4.1.16 es vulnerable a una vulnerabilidad de ejecución de código arbitrario. Un atacante remoto y no autenticado puede ejecutar PHP arbitrario como usuario de SPIP enviando una solicitud HTTP manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H