CVE-2023-24955
Microsoft SharePoint Server Remote Code Execution Vulnerability
In short
A vulnerability in Microsoft SharePoint Server allows an attacker to execute malicious code remotely on the server. An authenticated user can exploit this flaw to take control of the system and compromise sensitive data.
Technical detail
This CWE-94 (Improper Control of Generation of Code) vulnerability enables remote code execution through SharePoint Server's code generation mechanism. An authenticated attacker can craft malicious input that bypasses validation controls, leading to arbitrary code execution with server privileges and potential lateral movement within the network.
Summary generated and translated by AI from the official description.
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft SharePoint Enterprise Server 2016
Microsoft · Microsoft SharePoint Server 2019
Microsoft · Microsoft SharePoint Server Subscription Edition
Public PoCs found — 1
GitHub: github.com/former-farmer/CVE-2023-24955-PoC (★ 13)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.