Vulnerability CVE-2023-50164


Published: 2023-12-07   Modified: 2023-12-14

Description:
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Type:

CWE-552

(Files or Directories Accessible to External Parties)

Affected software
Apache -> Struts 

 References:
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
https://www.openwall.com/lists/oss-security/2023/12/07/1
http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
https://security.netapp.com/advisory/ntap-20231214-0010/

Copyright 2024, cxsecurity.com

 

Back to Top