Vulnerability Details CVE-2023-50982
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.7%
CVSS Severity
CVSS v3 Score 9.0
References
Products affected by CVE-2023-50982
-
cpe:2.3:a:studip:stud.ip:4.0
-
cpe:2.3:a:studip:stud.ip:4.0.1
-
cpe:2.3:a:studip:stud.ip:4.0.10
-
cpe:2.3:a:studip:stud.ip:4.0.11
-
cpe:2.3:a:studip:stud.ip:4.0.12
-
cpe:2.3:a:studip:stud.ip:4.0.2
-
cpe:2.3:a:studip:stud.ip:4.0.3
-
cpe:2.3:a:studip:stud.ip:4.0.4
-
cpe:2.3:a:studip:stud.ip:4.0.5
-
cpe:2.3:a:studip:stud.ip:4.0.6
-
cpe:2.3:a:studip:stud.ip:4.0.7
-
cpe:2.3:a:studip:stud.ip:4.0.8
-
cpe:2.3:a:studip:stud.ip:4.0.9
-
cpe:2.3:a:studip:stud.ip:4.1
-
cpe:2.3:a:studip:stud.ip:4.1.1
-
cpe:2.3:a:studip:stud.ip:4.1.2
-
cpe:2.3:a:studip:stud.ip:4.1.3
-
cpe:2.3:a:studip:stud.ip:4.1.4
-
cpe:2.3:a:studip:stud.ip:4.1.5
-
cpe:2.3:a:studip:stud.ip:4.2
-
cpe:2.3:a:studip:stud.ip:4.2.1
-
cpe:2.3:a:studip:stud.ip:4.2.2
-
cpe:2.3:a:studip:stud.ip:4.2.3
-
cpe:2.3:a:studip:stud.ip:4.2.4
-
cpe:2.3:a:studip:stud.ip:4.2.5
-
cpe:2.3:a:studip:stud.ip:4.2.6
-
cpe:2.3:a:studip:stud.ip:4.2.7
-
cpe:2.3:a:studip:stud.ip:4.3
-
cpe:2.3:a:studip:stud.ip:4.3.1
-
cpe:2.3:a:studip:stud.ip:4.3.2
-
cpe:2.3:a:studip:stud.ip:4.3.3
-
cpe:2.3:a:studip:stud.ip:4.3.4
-
cpe:2.3:a:studip:stud.ip:4.3.5
-
cpe:2.3:a:studip:stud.ip:4.3.6
-
cpe:2.3:a:studip:stud.ip:4.3.7
-
cpe:2.3:a:studip:stud.ip:4.4
-
cpe:2.3:a:studip:stud.ip:4.4.1
-
cpe:2.3:a:studip:stud.ip:4.4.2
-
cpe:2.3:a:studip:stud.ip:4.4.3
-
cpe:2.3:a:studip:stud.ip:4.4.4
-
cpe:2.3:a:studip:stud.ip:4.4.5
-
cpe:2.3:a:studip:stud.ip:4.4.6
-
cpe:2.3:a:studip:stud.ip:4.4.7
-
cpe:2.3:a:studip:stud.ip:4.4.8
-
cpe:2.3:a:studip:stud.ip:4.5
-
cpe:2.3:a:studip:stud.ip:4.5.1
-
cpe:2.3:a:studip:stud.ip:4.5.2
-
cpe:2.3:a:studip:stud.ip:4.5.3
-
cpe:2.3:a:studip:stud.ip:4.5.4
-
cpe:2.3:a:studip:stud.ip:4.5.5
-
cpe:2.3:a:studip:stud.ip:4.5.6
-
cpe:2.3:a:studip:stud.ip:4.5.7
-
cpe:2.3:a:studip:stud.ip:4.5.8
-
cpe:2.3:a:studip:stud.ip:4.6
-
cpe:2.3:a:studip:stud.ip:4.6.1
-
cpe:2.3:a:studip:stud.ip:4.6.2
-
cpe:2.3:a:studip:stud.ip:4.6.3
-
cpe:2.3:a:studip:stud.ip:4.6.4
-
cpe:2.3:a:studip:stud.ip:4.6.5
-
cpe:2.3:a:studip:stud.ip:4.6.6
-
cpe:2.3:a:studip:stud.ip:4.6.7
-
cpe:2.3:a:studip:stud.ip:4.6.8
-
cpe:2.3:a:studip:stud.ip:5.0
-
cpe:2.3:a:studip:stud.ip:5.0.1
-
cpe:2.3:a:studip:stud.ip:5.0.2
-
cpe:2.3:a:studip:stud.ip:5.0.3
-
cpe:2.3:a:studip:stud.ip:5.0.4
-
cpe:2.3:a:studip:stud.ip:5.0.5
-
cpe:2.3:a:studip:stud.ip:5.0.6
-
cpe:2.3:a:studip:stud.ip:5.0.7
-
cpe:2.3:a:studip:stud.ip:5.0.8
-
cpe:2.3:a:studip:stud.ip:5.1
-
cpe:2.3:a:studip:stud.ip:5.1.1
-
cpe:2.3:a:studip:stud.ip:5.1.2
-
cpe:2.3:a:studip:stud.ip:5.1.3
-
cpe:2.3:a:studip:stud.ip:5.1.4
-
cpe:2.3:a:studip:stud.ip:5.1.5
-
cpe:2.3:a:studip:stud.ip:5.1.6
-
cpe:2.3:a:studip:stud.ip:5.2
-
cpe:2.3:a:studip:stud.ip:5.2.1
-
cpe:2.3:a:studip:stud.ip:5.2.2
-
cpe:2.3:a:studip:stud.ip:5.2.3
-
cpe:2.3:a:studip:stud.ip:5.2.4
-
cpe:2.3:a:studip:stud.ip:5.2.5
-
cpe:2.3:a:studip:stud.ip:5.3
-
cpe:2.3:a:studip:stud.ip:5.3.1
-
cpe:2.3:a:studip:stud.ip:5.3.2
-
cpe:2.3:a:studip:stud.ip:5.3.3