CVE-2023-50164
Description
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.
Severity: CRITICAL
CVE ID: CVE-2023-50164
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
minhbao15677
Reference: GitHub
jakabakos
A critical security vulnerability, identified as CVE-2023-50164 (CVE: 9.8) was found in Apache Struts, allowing attackers to manipulate file upload parameters that can potentially lead to unauthorized path traversal and remote code execution (RCE).
Reference: GitHub
bcdannyboy
A scanning utility and PoC for CVE-2023-50164
Reference: GitHub
dwisiswant0
Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")
Reference: GitHub
helsecert
Reference: GitHub
Thirukrishnan
Reference: GitHub
Trackflaw
Vulnerable docker container for Apache Struts 2 RCE CVE-2023-50164
Reference: GitHub
miles3719
Reference: GitHub
aaronm-sysdig
Reference: GitHub
snyk-labs
Reference: GitHub
sunnyvale-it
CVE-2023-50164 (Apache Struts path traversal to RCE vulnerability) - Proof of Concept
Reference: GitHub
AsfandAliMemon25
CVE-2023-50164 An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Reference: GitHub