CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries

🗓️ 20 Nov 2023 18:14:08Reported by GitHub_MType

XWiki Admin Tools CSRF vulnerability allows arbitrary database querie

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the XWiki Admin Tools application on the XWiki Platform. XWiki is a platform for creating collaborative web applications. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.	14 Feb 202400:00	–	bdu_fstec
CNNVD	Admin Tools Application Cross-Site Request Forgery Vulnerability	20 Nov 202300:00	–	cnnvd
CVE	CVE-2023-48293	20 Nov 202318:14	–	cve
EUVD	EUVD-2023-2874	3 Oct 202520:07	–	euvd
Github Security Blog	Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries	20 Nov 202321:01	–	github
NVD	CVE-2023-48293	20 Nov 202319:15	–	nvd
OSV	CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries	20 Nov 202318:14	–	osv
OSV	GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries	20 Nov 202321:01	–	osv
Prion	Cross site request forgery (csrf)	20 Nov 202319:15	–	prion
Positive Technologies	PT-2023-8619 · Xwiki · Xwiki Admin Tools Application	20 Nov 202300:00	–	ptsecurity

[
  {
    "vendor": "xwiki-contrib",
    "product": "application-admintools",
    "versions": [
      {
        "version": "< 4.5.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jira	www.jira.xwiki.org/browse/ADMINTOOL-92
github	www.github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv
github	www.github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46

20 Nov 2023 18:14Current

8.9High risk

Vulners AI Score8.9

CVSS 3.18.8

EPSS0.00365

CWE-352