Cyber Posture

CVE-2023-53871

Critical · Public PoC

Published: 15 December 2025

Modified: 30 December 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (49.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly addresses the unrestricted file upload vulnerability by requiring validation of uploaded files to block dangerous types like HTML with embedded PHP code.

prevent: Prevents exploitation by restricting file upload inputs to only safe types and formats, mitigating uploads of executable HTML/PHP files.

prevent, detect: Mitigates malicious PHP script execution from uploaded files by scanning for and blocking malicious code at system entry points.

Security Summary (AI)

CVE-2023-53871 is a file upload vulnerability in Soosyze 2.0.0, a content management system. The flaw allows attackers to upload arbitrary HTML files containing embedded PHP code due to a broken file upload mechanism. Exploitation can also disclose sensitive file paths and enable execution of malicious PHP scripts on the server. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful attacks achieve high impacts across confidentiality, integrity, and availability, primarily by executing arbitrary PHP code for potential remote code execution and revealing server file paths.

Advisories, including one from VulnCheck detailing the unrestricted file upload via broken upload logic, provide further technical analysis. An exploit is publicly available on Exploit-DB (ID 51718). Practitioners should review the official Soosyze GitHub repository and website for any patches or remediation guidance.

Details

CWE(s)

Affected Products

soosyze
soosyze
2.0.0

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload in a public-facing CMS enables unauthenticated RCE via PHP web shells (T1190, T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References