CVE-2023-50982
- Source
- https://cve.org/CVERecord?id=CVE-2023-50982
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50982.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-50982
- Published
- 2024-01-08T20:15:44.513Z
- Modified
- 2026-04-09T09:53:37.746542Z
- Severity
-
- 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.
- References
Affected packages
Git / gitlab.studip.de/studip/studip
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.studip.de/studip/studip
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed2ef20a0c14b808e3d3f0304bd30445dbe672fdb0Introduced2b7ff1a8e43f4247a45d57090cbc333e30fc3982Fixedb671ca17460a95b1a7d5ec11d3c7c3d20d5b812dIntroduced1ff00327893e389fd41d7a8b34769e33e77fa4ceFixed8b0561a791795648d5b961a0d030335e0e00a6eaIntroduced62231c2569e42b3e25b3e25afd892153066c7608Fixedf3efce19190b2926208629caf18d332749d270fa
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "5.0.9" }, { "introduced": "5.1" }, { "fixed": "5.1.7" }, { "introduced": "5.2" }, { "fixed": "5.2.6" }, { "introduced": "5.3" }, { "fixed": "5.3.4" } ] }