Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip CVE-2024-8517

Name: Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip CVE-2024-8517
Rating: 5 (439 reviews)

2025-08-01 | CVSS 9.8

## https://sploitus.com/exploit?id=6206A900-0829-5479-8D77-001A57866324
PoC exploit for CVE-2024-8517, an unauthenticated Remote Code Execution (RCE) vulnerability in the BigUp plugin of SPIP CMS. The vulnerability is present in versions ≤ 4.3.1, 4.2.15, and 4.1.17. The exploit abuses the bigup_retrouver_fichiers parameter to execute arbitrary PHP via upload progress features without authentication. The probable entry point is the exploit.py script. Not specified how it is typically invoked. The expected impact is Remote Code Execution.