CVE-2023-47322: Silverpeas Core CSRF Leading to Privilege Escalation

Information

Description: The "userModify" request is vulnerable to Cross-Site Request Forgery (CSRF), leading to privilege escalation.
Versions Affected: < 6.3.1
Version Fixed: 6.3.2
Researcher: Tyler Ramsbey (https://youtube.com/@TylerRamsbey)
Disclosure Link: https://rhinosecuritylabs.com/research/silverpeas-file-read-cves/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47320

Proof-of-Concept Exploit

Description

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross-Site Request Forgery (CSRF), leading to privilege escalation. If an administrator visits a malicious URL while authenticated to the Silverpeas application, the forged request executes in the administrator's session and makes the attacker an administrator user in the application.

Usage/Exploitation

To exploit this vulnerability, an attacker must host CVE-2023-47322.html on an attacker-controlled web server. When an authenticated administrator visits the attacker's website, the forged request executes in the administrator's session and makes the attacker an administrator.
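As an added defender-side example (not part of this PoC repository or of Silverpeas itself), the script below shows what a hit against "userModify" looks like in a web-server access log and the server-side check that closes the hole: a forged request arrives from the victim administrator's own IP but with a missing or foreign Referer, and the fix is to require a per-session anti-CSRF token plus a trusted Origin/Referer before honouring the change. The deployment origin, the request path and the id/admin parameter shape are assumptions for illustration; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed origin of the Silverpeas deployment (illustrative, not from the advisory).
TRUSTED_ORIGIN = "https://silverpeas.example.internal"

# Apache/nginx "combined" log format, including the Referer field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def same_origin(url: str, trusted: str) -> bool:
    """True when url shares scheme and host[:port] with the trusted origin."""
    a, b = urlsplit(url), urlsplit(trusted)
    return bool(a.netloc) and (a.scheme, a.netloc.lower()) == (b.scheme, b.netloc.lower())

def find_cross_origin_user_modify(lines):
    """Flag userModify requests whose Referer is missing or from another origin.
    A CSRF hit is issued by the victim administrator's own browser, so the client
    IP looks legitimate; the Referer (or its absence) is what gives it away."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "userModify" not in m["path"]:
            continue
        if not same_origin(m["referer"], TRUSTED_ORIGIN):  # a bare "-" fails too
            hits.append((m["ip"], m["path"], m["referer"]))
    return hits

def authorize_state_change(headers: dict, session_token: str, form_token: str) -> bool:
    """Server-side gate a fix applies before honouring userModify: the request
    must carry the session's anti-CSRF token and come from the trusted origin
    (Origin header, falling back to Referer). Either failure rejects the request."""
    if not form_token or form_token != session_token:
        return False
    source = headers.get("Origin") or headers.get("Referer") or ""
    return same_origin(source, TRUSTED_ORIGIN)

# Constructed sample log; "userModify?id=...&admin=..." is a hypothetical parameter shape.
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Nov/2023:09:58:40 +0000] "GET /silverpeas/userModify?id=17&admin=false HTTP/1.1" '
    '302 0 "https://silverpeas.example.internal/silverpeas/users" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Nov/2023:10:00:05 +0000] "GET /silverpeas/Main/Home HTTP/1.1" 200 5120 '
    '"https://other.example/" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Nov/2023:10:01:02 +0000] "GET /silverpeas/userModify?id=42&admin=true HTTP/1.1" '
    '302 0 "https://attacker.example/CVE-2023-47322.html" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Nov/2023:10:03:15 +0000] "GET /silverpeas/userModify?id=42&admin=true HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
]
```

Running `find_cross_origin_user_modify(SAMPLE_LOG)` returns only the two forged-looking entries (foreign Referer and empty Referer), while the administrator's own same-origin change is left alone.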