CVE-2024-36042 | Severity.io

Description

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Related CPE's

Vulnerable

References

https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d

Exploit

https://github.com/Silverpeas/Silverpeas-Core/tags

Product

https://silverpeas.org/

Product

https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d

Exploit

https://github.com/Silverpeas/Silverpeas-Core/tags

Product

https://silverpeas.org/

Product

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary

CWE-288

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-06-03T04:15:09.293Z

1 year ago

Last modified

2025-05-29T18:21:54.353Z

9 months ago