SPIP CMS BigUp Plugin Unauthenticated Remote Code Execution Vulnerability
Vulnerability information
Vulnerability name: SPIP CMS BigUp plugin unauthenticated remote code execution vulnerability
Vulnerability ID:
- CVE: CVE-2024-8517
Vulnerability type: remote code execution
Severity: critical
Description: SPIP CMS (Système de Publication pour l'Internet Partagé) is a widely used open-source content management system, particularly popular in the French-speaking community. BigUp is one of its plugins, used for file upload and management. Multiple SPIP CMS versions carry a critical unauthenticated remote code execution (RCE) vulnerability in this plugin. The flaw is in the lister_fichiers_par_champs function: when the bigup_retrouver_fichiers parameter is set to 1, the function does not properly validate its input, so an attacker can upload a malicious PHP payload and execute arbitrary code on the server without any authentication. The impact is severe because it lets an unauthenticated attacker take full control of an affected system, which can lead to data theft, service disruption, or other malicious activity. Because exploitation needs no credentials and can be automated, the risk is very high.
Vendor: SPIP
Product: SPIP CMS BigUp plugin
Affected versions (per release branch): ≤ 4.3.1, ≤ 4.2.15, ≤ 4.1.17
Source: https://github.com/saadhassan77/SPIP-BigUp-Unauthenticated-RCE-Exploit-CVE-2024-8517-
Category: CVE-2024 (GitHub search)
Repository files
- LICENSE
- Readme.md
- exploit.py
Source overview
😈 SPIP BigUp Unauthenticated RCE Exploit (CVE-2024-8517)
📜 Description
This Python script exploits an unauthenticated Remote Code Execution (RCE) vulnerability in the BigUp plugin of the SPIP CMS (Système de Publication pour l'Internet Partagé). The flaw lies in the lister_fichiers_par_champs function, which fails to properly validate input when the bigup_retrouver_fichiers parameter is set to 1. This allows an attacker to upload a malicious PHP payload and achieve arbitrary code execution on the server without authentication.
🛑 Affected SPIP versions:
- ≤ 4.3.1
- ≤ 4.2.15
- ≤ 4.1.17
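The affected ranges above (and in the vulnerability information block earlier on this page) are per release branch: a 4.2.x install is only patched at 4.2.16 or later, even though 4.3.0 is a "higher" version number and is still vulnerable. The following triage helper is an added example, not code from the exploit repository described here; it assumes the target's version is visible in SPIP's Composed-By response header (stock SPIP emits it unless an operator has suppressed it), and the sample headers are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Highest vulnerable patch level per SPIP release branch, taken from the
# affected-version list on this page. Branches not listed (4.0.x, 3.2.x, ...)
# are reported as "unknown" rather than guessed at.
LAST_VULNERABLE: Dict[Tuple[int, int], int] = {
    (4, 3): 1,   # 4.3.x  <= 4.3.1
    (4, 2): 15,  # 4.2.x  <= 4.2.15
    (4, 1): 17,  # 4.1.x  <= 4.1.17
}

# Accepts "4.2.13", "4.3" or "4.3.0-dev"; trailing suffixes are ignored.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")

# Assumption: the header looks like "SPIP 4.2.13 @ www.spip.net ..."; only the
# version token after "SPIP" is used.
COMPOSED_BY_RE = re.compile(r"\bSPIP\s+(\d+\.\d+(?:\.\d+)?)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor[.patch]' into a tuple; None if unparsable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is inside a listed vulnerable range, False if it is
    in a listed branch but at or above the fixed level, None if the branch is
    not covered by the list or the string cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    branch = (v[0], v[1])
    if branch not in LAST_VULNERABLE:
        return None
    return v[2] <= LAST_VULNERABLE[branch]


def version_from_composed_by(header_value: str) -> Optional[str]:
    """Extract the SPIP version from a Composed-By header value."""
    m = COMPOSED_BY_RE.search(header_value)
    return m.group(1) if m else None


def triage(hosts_headers: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each host to 'vulnerable', 'patched' or 'unknown' from its captured
    response headers. Header names are matched case-insensitively."""
    verdict_label = {True: "vulnerable", False: "patched", None: "unknown"}
    out: Dict[str, str] = {}
    for host, headers in hosts_headers.items():
        lowered = {k.lower(): v for k, v in headers.items()}
        version = version_from_composed_by(lowered.get("composed-by", ""))
        verdict = is_vulnerable(version) if version else None
        out[host] = verdict_label[verdict]
    return out


# Constructed sample responses (not captured from real hosts).
SAMPLE_HEADERS = {
    "spip-a.example": {"Composed-By": "SPIP 4.2.13 @ www.spip.net"},   # vulnerable
    "spip-b.example": {"composed-by": "SPIP 4.3.2 @ www.spip.net"},    # patched
    "spip-c.example": {"Composed-By": "SPIP 4.0.10 @ www.spip.net"},   # not listed
    "spip-d.example": {"Server": "nginx"},                             # no version
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_HEADERS).items():
        print(f"{host}: {status}")
```

A "patched" result only says the reported version is above the listed range; it does not prove BigUp is absent or disabled, and a suppressed header yields "unknown" rather than a false negative, so unknowns still need a manual check.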
🧪 About This Script
This version of the exploit was written to work in restricted lab environments (like Guacamole-based virtual labs used in some pentesting platforms), where:
- Internet access is blocked
- You cannot install external Python packages via pip
Unlike the original public version, this script does not require libraries such as requests, beautifulsoup4, or random_user_agent. It uses only standard Python libraries, making it more portable and usable in air-gapped or locked-down environments.
✅ Key Features
- No external Python dependencies
- Works in offline lab environments (e.g., eJPT/PNPT Guacamole labs)
- Uploads a basic web shell or command-execution payload
- Exploits the vulnerability without authentication
🚀 Usage
python3 exploit.py http://target-spip-site.com/