Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2024-7954 PoC — SPIP porte_plume Plugin Arbitrary PHP Execution

Source
https://github.com/r0otk3r/CVE-2024-7954
Associated Vulnerability
Title:SPIP porte_plume Plugin Arbitrary PHP Execution (CVE-2024-7954)
Description:The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
Readme
# CVE-2024-7954 - SPIP 4.2.8 Remote Command Execution (RCE) Exploit

This script exploits a Remote Code Execution vulnerability in SPIP version 4.2.8 via the `porte_plume_previsu` endpoint. The vulnerability allows unauthenticated attackers to inject PHP code through preview rendering of crafted image tags.

> **CVE ID:** CVE-2024-7954  
> **Component:** SPIP CMS (`porte_plume_previsu`)  
> **Impact:** Unauthenticated Remote Command Execution  
> **Severity:** Critical

---

##  Exploit Capabilities

- Execute arbitrary system commands
- Retrieve live command output
- Automatically extract and display IP geolocation info
- Proxy support (Burp/ZAP or other)

---

##  Usage

```bash
python3 cve_2024_7954_rce.py --url <TARGET_URL> --cmd <COMMAND> [--proxy <IP:PORT>]
```
---
#### Example 1

```bash
python3 cve_2024_7954_rce.py --url <TARGET_URL> --cmd "whoami" --proxy "127.0.0.1:8080"
```
![who](https://github.com/user-attachments/assets/85cdcd92-743b-44b2-9004-e47eeaf0cbc5)
#### Burp Suite Request/Response:
![bwho](https://github.com/user-attachments/assets/d09a61fb-82ed-4cdd-ac40-09c5f298a4de)
---
#### Example 2

```bash
python3 cve_2024_7954_rce.py --url <TARGET_URL> --cmd "id" --proxy "127.0.0.1:8080"
```
![id](https://github.com/user-attachments/assets/e2c599a3-2784-4a2a-9ad8-93ae64ed105d)
#### Burp Suite Request/Response:
![bid](https://github.com/user-attachments/assets/929341a3-ca5e-40a9-abbc-5fa7efef6edc)
---
#### Example 3
```bash
python3 cve_2024_7954_rce.py --url <TARGET_URL> --cmd "uname -a" --proxy "127.0.0.1:8080"
```
![uname](https://github.com/user-attachments/assets/508c75da-f993-48c7-8b41-5f48beac006d)
##### Burp Suite Request/Response:
![b uname](https://github.com/user-attachments/assets/690471be-4691-4ea3-bc2b-f318c4874872)
---

## ⚠️ Disclaimer


This exploit script is for authorized security testing, defensive research, and educational purposes only.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →