CVE-2023-47326: Silverpeas Core Domain Creation is vulnerable to CSRF

Information

Description: Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320

Proof-of-Concept Exploit

Description

Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. If an administrator clicks a malicious URL while authenticated to Silverpeas Core, the CSRF payload will create additional domains for authentication.

Usage/Exploitation

To exploit this vulnerability, an attacker must direct an administrator to a URL that loads the CVE-2023-47326.html file.
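
One way to look for this request pattern in web-server access logs, as an added example that is not part of the original repository: it flags accepted domain-creation requests whose Referer is missing or names another site. The endpoint path, host name and log lines are constructed placeholders, and it assumes Combined Log Format with the authenticated user name logged.

```python
import re

from urllib.parse import urlsplit

# Assumptions, not from the advisory: replace with your deployment's values.
TRUSTED_HOSTS = {"intranet.example.test"}  # host name users reach Silverpeas on
DOMAIN_CREATE_PATH = "/silverpeas/PLACEHOLDER_DOMAIN_SQL_CREATE"  # placeholder

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def referer_is_same_site(referer):
    """True only when the Referer names one of our own hosts."""
    try:
        return urlsplit(referer).hostname in TRUSTED_HOSTS
    except ValueError:  # malformed Referer value
        return False

def suspicious_domain_creations(lines):
    """Return (time, user, referer) for accepted domain-creation requests
    whose Referer is missing or points at another site."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != DOMAIN_CREATE_PATH:
            continue  # unparsable line or a different endpoint
        if m["status"][0] not in "23":
            continue  # the server rejected it, so nothing was created
        if not referer_is_same_site(m["referer"]):
            hits.append((m["time"], m["user"], m["referer"]))
    return hits

# Constructed sample access-log lines (not real traffic).
_REQ = "POST " + DOMAIN_CREATE_PATH + " HTTP/1.1"
_OWN = "https://intranet.example.test/silverpeas/"
_EXT = "https://other-site.example.test/page.html"
SAMPLE_LOG = [
    f'10.0.0.5 - admin [12/Nov/2023:10:01:02 +0000] "{_REQ}" 200 512 "{_OWN}" "Mozilla/5.0"',
    f'10.0.0.5 - admin [12/Nov/2023:10:07:45 +0000] "{_REQ}" 302 0 "{_EXT}" "Mozilla/5.0"',
    f'10.0.0.5 - admin [12/Nov/2023:10:09:00 +0000] "{_REQ}" 200 512 "-" "Mozilla/5.0"',
    f'10.0.0.9 - - [12/Nov/2023:10:10:00 +0000] "{_REQ}" 403 0 "{_EXT}" "Mozilla/5.0"',
    f'10.0.0.7 - bob [12/Nov/2023:10:11:00 +0000] "GET /silverpeas/home HTTP/1.1" 200 2048 "{_EXT}" "Mozilla/5.0"',
]
```

A missing Referer is reported as well, because browsers can be told to omit it; expect some false positives from privacy extensions and review hits against the list of domains that were actually created.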