漏洞描述
SPIP是一款开源的内容管理系统(CMS),广泛用于创建和管理动态网站。SPIP的BigUp插件在版本4.3.2、4.2.16和4.1.18之前存在命令执行漏洞。攻击者可以通过发送精心构造的多部分文件上传HTTP请求,利用该漏洞执行任意操作系统命令。
SPIP BigUp Plugin /spip.php 命令执行漏洞(CVE-2024-8517)
PoC代码
暂无相关漏洞推荐
- WordPress Plugin Alone Theme /wp-admin/admin-ajax.php beplus_import_pack_install_plugin 文件上传漏洞(CVE-2025-5394)
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011)
- Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419)
- Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞 (CVE-2025-4204)
- CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download