CVE-2023-50982
CVE-2023-50982 affects Stud.IP 5.x–5.3.3. An XSS vulnerability arises from not validating file extensions in Admin_SmileysController upload_action/edit_action, potentially allowing remote code execution with www-data privileges. Fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. Remediation: upgr...