Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries

🗓️ 20 Nov 2023 21:01:25Reported by GitHub Advisory DatabaseType

CSRF vulnerability in QueryOnXWiki allows arbitrary database queries on XWiki, leading to data modification and elevated privilege escalation

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the XWiki Admin Tools application on the XWiki Platform. XWiki is a platform for creating collaborative web applications. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.	14 Feb 202400:00	–	bdu_fstec
CNNVD	Admin Tools Application Cross-Site Request Forgery Vulnerability	20 Nov 202300:00	–	cnnvd
CVE	CVE-2023-48293	20 Nov 202318:14	–	cve
Cvelist	CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries	20 Nov 202318:14	–	cvelist
EUVD	EUVD-2023-2874	3 Oct 202520:07	–	euvd
NVD	CVE-2023-48293	20 Nov 202319:15	–	nvd
OSV	CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries	20 Nov 202318:14	–	osv
OSV	GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries	20 Nov 202321:01	–	osv
Prion	Cross site request forgery (csrf)	20 Nov 202319:15	–	prion
Positive Technologies	PT-2023-8619 · Xwiki · Xwiki Admin Tools Application	20 Nov 202300:00	–	ptsecurity

Vulners

Node

Source	Link
github	www.github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-48293
github	www.github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46
jira	www.jira.xwiki.org/browse/ADMINTOOL-92
github	www.github.com/advisories/GHSA-4f4c-rhjv-4wgv

20 Nov 2023 22:41Current

7High risk

Vulners AI Score7

CVSS 3.18.8

EPSS0.00756

SSVC