What is CVE-2023-50164?

CVE-2023-50164 is a vulnerability in Apache Software Foundation Struts, classified under Files or Directories Accessible to External Parties. Published 2023-12-07.

Is CVE-2023-50164 known to be exploited?

66 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Struts

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versio…

EPSS: 0.929 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Struts — versions 2.0.0, 6.0.0

Weakness classification (CWE)

CWE-552 — Files or Directories Accessible to External Parties

Public proof-of-concept exploits

jakabakos/CVE-2023-50164-Apache-Struts-RCE
dwisiswant0/cve-2023-50164-poc
Trackflaw/CVE-2023-50164-ApacheStruts2-Docker
snyk-labs/CVE-2023-50164-POC
bcdannyboy/CVE-2023-50164
Trackflaw/CVE-2024-10924-Wordpress-Docker
sunnyvale-it/CVE-2023-50164-PoC
Pixel-DefaultBR/CVE-2023-50164
NikitaPark/CVE-2023-50164-PoC
aaronm-sysdig/cve-2023-50164

References

lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj (vendor-advisory, mailing-list)
www.openwall.com/lists/oss-security/2023/12/07/1
packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Exec…
security.netapp.com/advisory/ntap-20231214-0010/

Frequently asked questions

What is CVE-2023-50164?: CVE-2023-50164 is a vulnerability in Apache Software Foundation Struts, classified under Files or Directories Accessible to External Parties. Published 2023-12-07.
Is CVE-2023-50164 known to be exploited?: 66 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.