Admin Tools Application 安全漏洞

Admin Tools Application is an advanced administration tool for XWiki open-sourced by the XWiki Foundation. A security vulnerability exists in versions of Admin Tools Application prior to 1.1, which stems from improper access control and could lead to non-administrative users accessing...

GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries

Impact A CSRF vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with...

CVE-2023-48293

The CVE refers to XWiki Admin Tools Application (pre-4.5.1) where a CSRF flaw in the Query on XWiki tool allows executing arbitrary database queries. This can modify or delete wiki data and potentially create an attacker account with elevated privileges, impacting confidentiality, integrity, and ...

Admin Tools Application Cross-Site Request Forgery Vulnerability

Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...

Admin Tools Application Cross-Site Request Forgery Vulnerability

Admin Tools Application is an open source advanced administration tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions 4.4 through 4.5.1, which can be exploited to allow an attacker to execute arbitrary shell commands by...