CVE-2024-7954: Critical RCE in SPIP's Porte Plume Plugin

Unauthenticated Remote Code Execution in the SPIP content management system

🛑 Advisory Summary

Vulnerability Type: Remote Code Execution (RCE), no authentication required

Affected Component: porte_plume plugin, bundled with SPIP CMS (shipped in plugins-dist/, not installed separately)

CVSSv3 Score: 9.8 (Critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: A single crafted HTTP request to the public-facing SPIP front controller

📜 Affected Versions

SPIP < 4.1.16 (the 4.1 branch and everything older)

SPIP 4.2.x < 4.2.13

SPIP 4.3 pre-releases < 4.30-alpha2 (the CVE's notation for 4.3.0-alpha2)

🚨 Impact

Successful exploitation allows:
✓ Arbitrary PHP execution as the web-server user that SPIP runs under, with no prior foothold or credentials
✓ Complete compromise of the CMS instance, including the database credentials stored in config/connect.php and every file the PHP process can write
✓ A pivot point for lateral movement to the database and other backend systems reachable from the web host

🛡️ Mitigation

Immediate Patching:

Upgrade to SPIP 4.1.16, 4.2.13, or 4.30-alpha2 (4.3.0-alpha2) or later, whichever matches the branch you run. porte_plume is a bundled plugin that ships in SPIP's plugins-dist/ directory, so the fix arrives with the core update; there is no separate plugin package to install.

Temporary Measures (compensating controls until the upgrade is applied, not vendor workarounds):

Restrict the plugin's preview action at the web server or WAF. The vulnerable entry point is the action parameter handled by SPIP's front controller (spip.php or index.php with action=porte_plume_previsu), not a /porte_plume URL path, so a path-based rule will never match. SPIP accepts request parameters from both the query string and the POST body; a rule that inspects only the URL is trivially bypassed, so match the parameter in both places, and allow only your editors' source addresses, since authenticated authors use the same action for legitimate previews.

Disabling porte_plume is rarely an option: it supplies the editorial toolbar, so removing it breaks content editing for every author. Treat "disable if unused" as applicable only to sites with no active editors.

Detection:

Check the installed version rather than the presence of the plugin directory. The plugin lives under plugins-dist/, not plugins/, and finding the string "porte_plume" in the tree says nothing about patch level. The branch version is recorded in ecrire/inc_version.php:

grep '^\$spip_version_branche' /var/www/spip/ecrire/inc_version.php

Any value below 4.1.16, a 4.2.x below 4.2.13, or a 4.3 pre-release older than alpha2 is affected. Also review web-server access logs for requests carrying action=porte_plume_previsu from addresses that are not your editors; query-string hits are visible there, body-parameter hits are not.
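
The following script is an added example written for this advisory; it is not SPIP project code or a vendor-provided tool. It assumes a Linux host with POSIX sh and grep/cut/tr, that ecrire/inc_version.php under the install root records the branch version in $spip_version_branche (as SPIP does), and a combined-format access log; /var/www/spip and the log path in the usage line are hypothetical, and the sample log lines inside the script are constructed, not captured traffic. It turns the version ranges above into a per-branch check (4.1.x, 4.2.x and the 4.3 pre-releases are judged separately, which a plain numeric comparison gets wrong) and counts query-string calls to the porte_plume_previsu action, the plugin's preview handler.

```sh
#!/bin/sh
# Added example for CVE-2024-7954 (not SPIP project code): decide whether an
# installed SPIP is inside the affected range, and sweep an access log for
# calls to the vulnerable porte_plume preview action.
# Assumptions: POSIX sh with grep/cut/tr; SPIP's ecrire/inc_version.php
# defines $spip_version_branche = "X.Y.Z"; a combined-format access log.
# The install root /var/www/spip in the usage line is a hypothetical path.

# Extract the branch version string ("4.2.12") from ecrire/inc_version.php.
spip_version_from_file() {
    [ -r "$1" ] || return 1
    grep '^\$spip_version_branche' "$1" | head -n 1 | tr -d '"'"'"'; ' | cut -d= -f2
}

# Return 0 when VERSION is affected, 1 when it carries the fix.
# Fixed releases: 4.1.16, 4.2.13 and 4.3.0-alpha2 (written "4.30-alpha2" in the CVE).
# Development snapshots ("-dev") cannot be judged by label; inspect the code instead.
spip_vulnerable() {
    v=$1
    pre=${v#*-}                         # pre-release label ("alpha1"), if any
    [ "$pre" = "$v" ] && pre=""
    v=${v%%-*}
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "4.2" with no patch component
    case "$major.$minor" in
        4.1) [ "$patch" -lt 16 ] ;;
        4.2) [ "$patch" -lt 13 ] ;;
        4.3) [ "$patch" -eq 0 ] && [ "$pre" = "alpha1" ] ;;   # only the first 4.3.0 alpha
        *)   [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 1 ]; } ;;
    esac
}

# Count log lines that hit the preview action through the query string.
# Reads FILE, or stdin when no file is given. Requests that pass action= in
# the POST body leave no trace in an access log, so zero hits proves nothing.
porte_plume_hits() {
    grep -c -E '[?&]action=porte_plume_previsu' "${1:--}" || true
}

# Constructed sample log (not a real capture) for exercising porte_plume_hits offline.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [13/Aug/2024:10:15:01 +0000] "POST /index.php?action=porte_plume_previsu HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.4 - - [13/Aug/2024:10:15:03 +0000] "GET /spip.php?article12 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Aug/2024:10:15:05 +0000] "POST /spip.php?action=porte_plume_previsu HTTP/1.1" 200 640 "-" "python-requests/2.31"
EOF
}

# Report one install root: prints a verdict; returns 0 if affected, 1 if fixed, 2 if unknown.
spip_check_install() {
    ver=$(spip_version_from_file "$1/ecrire/inc_version.php") || ver=""
    if [ -z "$ver" ]; then
        echo "$1: no SPIP version string found" >&2
        return 2
    fi
    if spip_vulnerable "$ver"; then
        echo "$1: SPIP $ver is AFFECTED by CVE-2024-7954 (fixed in 4.1.16 / 4.2.13 / 4.30-alpha2)"
        return 0
    fi
    echo "$1: SPIP $ver carries the fix"
    return 1
}

# Usage: sh spip_check.sh /var/www/spip /var/log/apache2/access.log
if [ $# -gt 0 ]; then
    spip_check_install "$1"; status=$?
    if [ $# -gt 1 ]; then
        echo "$2: $(porte_plume_hits "$2") request(s) to action=porte_plume_previsu in the log"
    fi
    exit $status
fi
```

Run it as sh spip_check.sh /var/www/spip /var/log/apache2/access.log. The exit code follows the verdict so it can gate a fleet-wide sweep, and a count of zero from the log side is not evidence of absence: SPIP also reads action= from the POST body, and request bodies are not logged.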


📌 Vendor Response

SPIP fixed the flaw in coordinated releases on every maintained branch (4.1.16, 4.2.13 and 4.30-alpha2). The vendor published no workaround for unpatched systems; the temporary measures listed above reduce exposure but do not remove the vulnerable code, so upgrading remains the only fix.

🔍 Technical References

SPIP Security Advisory

MITRE CVE Entry

NVD Analysis

Note: Proof-of-concept (PoC) links are intentionally omitted per responsible disclosure guidelines.

#SPIP #CMSecurity #PatchNow #WebAppSecurity #CVE20247954