Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Stud.IP 跨站脚本漏洞
Vulnerability Description
Stud.IP是Sourceforge开源的一个大学、教育和应用的学习和信息管理系统。 Stud.IP 5.3.4之前、5.2.6之前、5.1.7之前和 5.0.9之前版本存在跨站脚本漏洞,该漏洞源于Admin_SmileysController 中的 upload_action 、 edit_action 不检查文件扩展名,导致攻击者可以使用 www-data 用户权限执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A