
CVE-2023-50164

Description

An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-50164
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

minhbao15677

Reference: GitHub

jakabakos

A critical security vulnerability, identified as CVE-2023-50164 (CVE: 9.8) was found in Apache Struts, allowing attackers to manipulate file upload parameters that can potentially lead to unauthorized path traversal and remote code execution (RCE).

Reference: GitHub

bcdannyboy

A scanning utility and PoC for CVE-2023-50164

Reference: GitHub

dwisiswant0

Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")

Reference: GitHub

helsecert

Reference: GitHub

Thirukrishnan

Reference: GitHub

Trackflaw

Vulnerable docker container for Apache Struts 2 RCE CVE-2023-50164

Reference: GitHub

miles3719

Reference: GitHub

aaronm-sysdig

Reference: GitHub

snyk-labs

Reference: GitHub

sunnyvale-it

CVE-2023-50164 (Apache Struts path traversal to RCE vulnerability) - Proof of Concept

Reference: GitHub

AsfandAliMemon25

CVE-2023-50164 An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Reference: GitHub