Description: Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320
Silverpeas Core is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. If an attacker clicks a malicious URL while authenticated to Silverpeas Core, the CSRF payload will create additional domains for authentication.
To exploit this vulnerability, an attacker must direct an administrator to a URL that loads the CVE-2023-47326.html file.