Skip to content

Latest commit

 

History

History

CVE-2023-47321

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 

CVE-2023-47321: Silverpeas Core Portlet Deployer Access via Broken Access Control

Information

Description: This allows low privileged users to access the Portlet Deployment tool.
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320

Proof-of-Concept Exploit

Description

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Portlet Deployet" which allows administrators to deploy .WAR portlets.

Usage/Exploitation

To exploit this vulnerability, an authenticated user needs to navigate directly to this URL: http://localhost:8080/silverpeas/portletDeployer.