2 matches found
CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...
CVE-2023-50982
CVE-2023-50982 affects Stud.IP 5.x–5.3.3. An XSS vulnerability arises from not validating file extensions in Admin_SmileysController upload_action/edit_action, potentially allowing remote code execution with www-data privileges. Fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. Remediation: upgr...