CVE-2024-8517

Critical

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute…

VulnCheck·CWE-73·Published 2024-09-06

CVSS

9.8

EPSS

0.95

KEV

Exploits

cve.orgen

226 chars

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.

NVDen

226 chars

NVDes

257 chars

SPIP anterior a 4.3.2, 4.2.16 y 4.1.18 es vulnerable a un problema de inyección de comandos. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios del sistema operativo enviando una solicitud HTTP de carga de archivo multiparte manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H