Headline
CVE-2024-38023: Microsoft SharePoint Server Remote Code Execution Vulnerability
How could an attacker exploit the vulnerability?
An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file’s parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.