PT-2023-30415 · Unknown · Silverpeas Core

Tyler Ramsbey

Published

2023-12-13

Updated

2023-12-15

CVE-2023-47322

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Silverpeas Core version 6.3.1

Description The issue affects the userModify feature, allowing for Cross Site Request Forgery (CSRF) that leads to privilege escalation. If an administrator visits a malicious URL while authenticated to the Silverpeas application, the CSRF can execute, making the attacker an administrator user in the application.

Recommendations For Silverpeas Core version 6.3.1, consider disabling the userModify feature as a temporary workaround until a patch is available. Restrict access to the userModify feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-352

Related Identifiers

CVE-2023-47322

GHSA-G27C-W2V7-88XP

Affected Products

Silverpeas Core

PT-2023-30415 · Unknown · Silverpeas Core

CVE-2023-47322

Weakness Enumeration

Related Identifiers

Affected Products

References · 10