SPIP porte_plume plugin Arbitrary PHP Execution | Advisories | VulnCheck

Sign In / Join Sign In

Advisories

SPIP porte_plume plugin Arbitrary PHP Execution

severity: critical
date: August 23, 2024
Affecting: Before 4.3.0-alpha2
Before 4.2.13
Before 4.1.16
CVE: CVE-2024-7954
CVE type: Improper Access Control
CVSS: 9.8
CVSS V3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References: Advisory
Exploit Description
Credit: Louka Jacques-Chevallier
VulnCheck KEV: This advisory is in the VulnCheck KEV database