CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to
CVSS
7.5
Alto
EPSS
0.8%
p51
KEV
—
Exploit Today
15
0-100
Publicado: 13 dic 2023 · Última mod.: 9 jul 2026
0.8%EPSS · 30 días0.8%
2026-06-302026-07-17
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators.
Sin CVEs relacionados por CWE o producto.