CVE-2024-36042

CRITICAL

Silverpeas <6.3.5 - Auth Bypass

Title source: llm

Description

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Exploits (1)

nomisec WRITEUP 3 stars
by zaaraZiof0 · poc
https://github.com/zaaraZiof0/CVE-2024-36042

Scores

CVSS v3 9.8
EPSS 0.0020
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-288
Status published
Products (2)
org.silverpeas.core/silverpeas-core 0 - 6.3.5 (Maven)
silverpeas/silverpeas < 6.3.5
Published Jun 03, 2024
Tracked Since Feb 18, 2026