exploitDog

CVE-2023-53885

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.

Ссылки

https://webutler.de/en
Product
https://www.exploit-db.com/exploits/51660
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/webutler-v-remote-code-execution-via-arbitrary-file-upload
Third Party Advisory
https://www.exploit-db.com/exploits/51660
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webutler:webutler:3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0036

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-m394-x673-978p

CVSS3: 7.2

github

около 2 месяцев назад

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.

EPSS

Процентиль: 58%

0.0036

Низкий

7.2 High

CVSS3

Дефекты

CWE-434