CVE-2023-50982

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Jan 8, 2024

Updated: Jan 12, 2024

CWE ID 434

CWE ID 79

Summary

CVE-2023-50982 is a significant vulnerability in Stud.IP 5.x versions up to 5.3.3. The issue allows for Cross-Site Scripting (XSS) attacks, which can culminate in the upload of executable files. The root cause is the lack of checking for file extensions in the upload_action and edit_action functions of Admin_SmileysController. Consequently, remote code execution is possible with the privileges of the www-data user. The affected versions include 5.3.3, and the recommended fixes are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t1wn8G
https://www.cve.org/CVERecord?id=CVE-2023-50982
https://nvd.nist.gov/vuln/detail/CVE-2023-50982

Back to Vulnerability Database

CVE-2023-50982

CVSS 3.1 Score 9.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations