The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HSilverpeas
APPSilverpeas< 6.3.2
Powiązane podatności
Silverpeas – pomijanie wymagań złożoności hasła przy jego zmianie
Silverpeas – pominięcie hasła umożliwia dostęp jako superadmin (Auth Bypass)
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be tr...
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via t...
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to ex...