Findings
Initial attempts
- Nmap only returned SSH and HTTP
- Apache 2.4.41 returns CVE-2021-44790
- Does not seem exploitable
Directories
Services
SPIP
- Login can be found at Se connecter
- Default creds admin / adminadmin do not work
- Version 4.2.0 according to whatweb
- Vulnerable to CVE-2023-27372
Exploits
- Running the POC https://github.com/nuts7/CVE-2023-27372?tab=readme-ov-file
- Did not work with any curl or nc commands
- Trying exploit db https://www.exploit-db.com/exploits/51536 did not work
- Searching CVE in metasploit and using multi/http/spip_rce_form