Remote Code Execution via Mishandled Serialization in SPIP

CVE-2023-27372 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
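
A branch-aware version check built from the fixed releases listed above, as an added example that is not part of the original advisory. The inventory hostnames and version strings are constructed, and treating a branch with no listed fix as affected when it is older than 4.2 is an assumption drawn from the "before 4.2.1" wording.

```python
import re

# Fixed release per branch, from the advisory text: 3.2.18, 4.0.10, 4.1.8, 4.2.1.
FIXED_PATCH = {(3, 2): 18, (4, 0): 10, (4, 1): 8, (4, 2): 1}
NEWEST_FIXED_BRANCH = max(FIXED_PATCH)  # (4, 2)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '4.1.7' or 'SPIP 4.2.0'.

    A missing patch component counts as 0; pre-release suffixes are ignored.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version_text):
    """True if the version predates the fix for CVE-2023-27372."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        # Branch received a fix: compare the patch level only.
        return patch < FIXED_PATCH[branch]
    # Assumption: a branch with no listed fix is affected if it is older
    # than 4.2, and unaffected if it is newer ("SPIP before 4.2.1").
    return branch < NEWEST_FIXED_BRANCH


# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = {
    "intranet.example.test": "SPIP 4.1.7",
    "blog.example.test": "4.2.1",
    "archive.example.test": "3.1.15",
    "press.example.test": "3.2.18",
    "docs.example.test": "4.0.9",
}


def affected_hosts(inventory):
    """Return the sorted hostnames whose SPIP version still needs the upgrade."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is affected, upgrade to a fixed release")
```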
