cvedb.io
CVE-2023-27372
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2023-02-28T20:15:10.243 · Last modified 2026-06-17T05:44:53.830

Summary

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

Affected products

spip — spip

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.