4 matches found
Adobe Experience Manager 6.0.0.0 < 6.5.19.1 Arbitrary code execution (APSB23-77)
The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-77 advisory. - An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to...
Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164
Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...
Apache Struts file upload directory traversal
Added: 12/20/2023. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A directory traversal vulnerability in Apache...
Design/Logic Flaw
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...