VYPR
Critical severity9.0NVD Advisory· Published Jan 8, 2024· Updated Jun 17, 2026

CVE-2023-50982

CVE-2023-50982

Description

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Stud.ip/Stud.ipcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=5.3.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.