cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-48293,https://securityvulnerability.io/vulnerability/CVE-2023-48293,XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries,"The XWiki Admin Tools Application has a cross-site request forgery vulnerability allowing an attacker to execute arbitrary queries on the XWiki database. This can lead to unauthorized modification or deletion of wiki content, jeopardizing the confidentiality, integrity, and availability of the entire XWiki instance. Attackers can exploit this vulnerability via comments that include specially crafted wiki syntax. It is recommended to update to version 4.5.1, where this issue has been addressed through the implementation of form token checks. Additional workarounds are available for users unable to upgrade immediately.",XWiki,Application-admintools,8.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2023-11-20T19:15:00.000Z,0
CVE-2023-48292,https://securityvulnerability.io/vulnerability/CVE-2023-48292,XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks,"The XWiki Admin Tools Application has a cross-site request forgery vulnerability, enabling attackers to execute arbitrary shell commands on the server. This is achieved by causing an admin user to load a malicious URL embedded in comments. When the harmful comment is viewed, it can result in the unintended execution of commands, compromising both the integrity and confidentiality of the XWiki installation. A patch for this issue has been released in version 4.5.1, which incorporates a form token check to mitigate the risk. As a precaution, admins are advised to either apply the patch or remove the vulnerability-prone command execution functionality.",XWiki,application-admintools,8.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2023-11-20T18:15:00.000Z,0