Description

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.

Remediation

References

CVE-2023-26473

Related Vulnerabilities

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1611)

WordPress Plugin AccessPress Social Icons includes Backdoor [Only if downloaded via the vendor website] (1.8.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6890)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)

WordPress Plugin Image Metadata Cruncher Multiple Vulnerabilities (1.8)

Severity

Medium

Classification

CVE-2023-26473 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities