{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T15:24:14.007","vulnerabilities":[{"cve":{"id":"CVE-2024-7954","sourceIdentifier":"disclosure@vulncheck.com","published":"2024-08-23T18:15:07.677","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request."},{"lang":"es","value":"El complemento porte_plume utilizado por SPIP antes de 4.30-alpha2, 4.2.13 y 4.1.16 es vulnerable a una vulnerabilidad de ejecución de código arbitrario. Un atacante remoto y no autenticado puede ejecutar PHP arbitrario como usuario de SPIP enviando una solicitud HTTP manipulada."}],"metrics":{"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-95"},{"lang":"en","value":"CWE-1286"}]}],"references":[{"url":"https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html","source":"disclosure@vulncheck.com"},{"url":"https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/","source":"disclosure@vulncheck.com"},{"url":"https://vulncheck.com/advisories/spip-porte-plume","source":"disclosure@vulncheck.com"}]}}]}