exploitDog

CVE-2023-47322

Опубликовано: 13 дек. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.

Ссылки

http://silverpeas.com
Product
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322
Exploit
Third Party Advisory
http://silverpeas.com
Product
https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47322
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silverpeas:silverpeas:*:*:*:*:*:*:*:*

Версия до 6.3.2 (исключая)

EPSS

Процентиль: 35%

0.00144

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-g27c-w2v7-88xp

CVSS3: 8.8

github

около 2 лет назад

Cross Site Request Forgery in Silverpeas

EPSS

Процентиль: 35%

0.00144

Низкий

8.8 High

CVSS3

Дефекты

CWE-352