4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Thu, 25 Sep 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-646 |
Thu, 25 Sep 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-73 CWE-78 |
Wed, 18 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:spip:spip:4.3.0:*:*:*:*:*:*:* cpe:2.3:a:spip:spip:4.3.1:*:*:*:*:*:*:* |
Mon, 09 Sep 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 06 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Spip
Spip spip |
|
CPEs | cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* | |
Vendors & Products |
Spip
Spip spip |
|
Metrics |
ssvc
|
Fri, 06 Sep 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. | |
Title | SPIP Bigup Multipart File Upload OS Command Injection | |
Weaknesses | CWE-646 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-09-25T18:26:02.854Z
Reserved: 2024-09-06T14:37:41.755Z
Link: CVE-2024-8517

Updated: 2024-09-06T20:30:39.297Z

Status : Modified
Published: 2024-09-06T16:15:03.793
Modified: 2025-09-25T19:15:42.373
Link: CVE-2024-8517

No data.

No data.