CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to
CVSS
7.5
High
EPSS
0.8%
p51
KEV
—
Exploit Today
15
0-100
Published: Dec 13, 2023 · Last modified: Jul 9, 2026
0.8%EPSS · 30 days0.8%
2026-06-302026-07-17
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
No related CVEs by CWE or product.