Podatność CVE-2023-50164


Publikacja: 2023-12-07   Modyfikacja: 2023-12-14

Opis:
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Typ:

CWE-552

(Files or Directories Accessible to External Parties)

Affected software
Apache -> Struts 

 Referencje:
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
https://www.openwall.com/lists/oss-security/2023/12/07/1
http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
https://security.netapp.com/advisory/ntap-20231214-0010/

Copyright 2024, cxsecurity.com

 

Back to Top