Home

Description

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

28.7.23
affected

Credits

nu11secur1ty finder

References

www.exploit-db.com/exploits/51736 (ExploitDB-51736) exploit

webigniter.net/ (Webigniter Product Webpage) product

www.vulncheck.com/...icted-file-upload-remote-code-execution (VulnCheck Advisory: WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution) third-party-advisory

cve.org (CVE-2023-53869)

nvd.nist.gov (CVE-2023-53869)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.