Headline
CVE-2022-37155: [Suggested description] RCE in SPIP 3.1.13 through 4.1.2 allows remote auth - Pastebin.com
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter
[Suggested description]
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to
execute arbitrary code via “_oups” GET parameter
- ------------------------------------------
[VulnerabilityType]
Code injection
- ------------------------------------------
[Vendor of Product]
SPIP - Systeme de Publication pour Internet
- ------------------------------------------
[Affected Product Code Base]
SPIP - 3.1.13 - 3.1.14 - 3.2.8 - 3.2.9 - 3.1.15 - 3.2.10 - 3.2.11 - 4.0.0 - 4.0.1 - 3.2.12 - 4.0.2 - 4.0.3 - 4.0.4 - 3.2.13 - 3.2.14 - 4.0.5 - 4.1.0 - 4.1.1 - 4.0.6 - 4.1.2 - 4.0.7 - 3.2.15
- ------------------------------------------
[Affected Component]
https://github.com/spip/SPIP/blob/0394b44774555ae8331b6e65e35065dfa0bb41e4/prive/formulaires/editer_liens.php#L131
- ------------------------------------------
[Attack Type]
Remote
- ------------------------------------------
[Impact Code execution]
true
- ------------------------------------------
[Attack Vectors]
To exploit vulnerability, an authenticated user with backend access must send a malicious payload (PHP code) in a GET parameter. The server will interpret it and render results to user.
- ------------------------------------------
[Reference]
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html
https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/85e563c1800bf7e5f36205dbebe0f8692bb731d8/SPIP%204.1.2%20Vulnerabilities/SPIP_4.1.2_AUTH_RCE/SPIP_4.1.2_AUTH_RCE_Abyss_Watcher_12_07_22.md
https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
- ------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
- ------------------------------------------
[Discoverer]