CVE-2023-27372 Information

Description

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Reference

https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266
https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d
