Vulnerability Description
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Studip | Stud.Ip | < 5.0.9 |
Related Weaknesses (CWE)
References
- https://gitlab.studip.de/studip/studip/-/tagsProduct
- https://rehmeinfosec.de/labor/cve-2023-50982ExploitThird Party Advisory
- https://sourceforge.net/projects/studip/files/Stud.IP/5.4/Product
- https://gitlab.studip.de/studip/studip/-/tagsProduct
- https://rehmeinfosec.de/labor/cve-2023-50982ExploitThird Party Advisory
- https://sourceforge.net/projects/studip/files/Stud.IP/5.4/Product
FAQ
What is CVE-2023-50982?
CVE-2023-50982 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote c...
How severe is CVE-2023-50982?
CVE-2023-50982 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-50982?
Check the references section above for vendor advisories and patch information. Affected products include: Studip Stud.Ip.