{
  "modified": "2025-09-23T16:15:30Z",
  "published": "2024-08-23T18:15:07Z",
  "id": "CVE-2024-7954",
  "details": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://vulncheck.com/advisories/spip-porte-plume"
    },
    {
      "type": "ARTICLE",
      "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html"
    },
    {
      "type": "WEB",
      "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/"
    }
  ]
}