{"uuid": "6ad51f13-b726-4184-a872-ac71d31f06aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27372", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7145", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27372\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T14:27:45.289Z\n\ud83d\udd17 References:\n1. https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html\n2. https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266\n3. https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d\n4. https://www.debian.org/security/2023/dsa-5367\n5. http://packetstormsecurity.com/files/171921/SPIP-Remote-Command-Execution.html\n6. http://packetstormsecurity.com/files/173044/SPIP-4.2.1-Remote-Code-Execution.html", "creation_timestamp": "2025-03-11T14:39:38.000000Z"}