Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
High

CVE-2023-50164

Disclosure Date: December 07, 2023 (last updated December 21, 2023)
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
6
2