I. CVE-2023-50164 Basic Information
Vulnerability Information

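Vulnerability Title
Apache Struts: File upload component had a directory traversal vulnerability
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Files or Directories Accessible to External Parties
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Apache Struts Security Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
Apache Struts is an open source project of the Apache Software Foundation (USA), an open source MVC framework for building enterprise Java web applications, available as two framework products, Struts 1 and Struts 2. Apache Struts contains a security vulnerability caused by a path traversal flaw in the file upload parameters. An attacker can exploit it to upload a malicious file and execute code remotely. Affected products and versions: Apache Struts 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)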
Affected Products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| Apache Software Foundation | Apache Struts | 2.0.0 ~ 2.5.32 | - |

II. Public PoCs for CVE-2023-50164

| # | PoC description | Source link |
|---|---|---|
| 1 | A critical security vulnerability, identified as CVE-2023-50164 (CVE: 9.8) was found in Apache Struts, allowing attackers to manipulate file upload parameters that can potentially lead to unauthorized path traversal and remote code execution (RCE). | https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE |
| 2 | A scanning utility and PoC for CVE-2023-50164 | https://github.com/bcdannyboy/CVE-2023-50164 |
| 3 | Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") | https://github.com/dwisiswant0/cve-2023-50164-poc |
| 4 | None | https://github.com/helsecert/cve-2023-50164 |
| 5 | None | https://github.com/Thirukrishnan/CVE-2023-50164-Apache-Struts-RCE |
| 6 | Vulnerable docker container for Apache Struts 2 RCE CVE-2023-50164 | https://github.com/Trackflaw/CVE-2023-50164-ApacheStruts2-Docker |
| 7 | None | https://github.com/miles3719/cve-2023-50164 |
| 8 | None | https://github.com/aaronm-sysdig/cve-2023-50164 |
| 9 | None | https://github.com/snyk-labs/CVE-2023-50164-POC |
| 10 | CVE-2023-50164 (Apache Struts path traversal to RCE vulnerability) - Proof of Concept | https://github.com/sunnyvale-it/CVE-2023-50164-PoC |
| 11 | None | https://github.com/n-etupirka/CVE-2023-50164 |
| 12 | None | https://github.com/AsfandAliMemon25/CVE-2023-50164Analysis- |
| 13 | None | https://github.com/minhbao15677/CVE-2023-50164 |
| 14 | CVE-2023-50164 PoC Application & Exploit script | https://github.com/NikitaPark/CVE-2023-50164-PoC |
| 15 | Vulnerable docker container for Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass CVE-2023-50164 | https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker |
| 16 | Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") | https://github.com/powerlesssta/cve-2023-50164-poc |
| 17 | Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") | https://github.com/separatefailu/cve-2023-50164-poc |
| 18 | None | https://github.com/Pixel-DefaultBR/CVE-2023-50164 |
| 19 | Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164") | https://github.com/heavyyeast/cve-2023-50164-poc |
| 20 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts%20S2-066%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-50164.md |
| 21 | Proof-of-concept for CVE-2023-50164 (Apache Struts 2), originally by jakabakos and adapted for the HTB Strutted lab environment. For educational use only. | https://github.com/MKIRAHMET/CVE-2023-50164-HTB-strutted |
| 22 | None | https://github.com/hybinn/CVE-2023-50164 |