Home

Description

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-19 | Updated 2025-12-19 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

Any version
affected

Credits

Zer0FauLT finder

References

www.exploit-db.com/exploits/51362 (ExploitDB-51362) exploit

innovastudio.com (Official Vendor Homepage) product

www.vulncheck.com/...d-file-upload-via-filename-manipulation (VulnCheck Advisory: InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation) third-party-advisory

cve.org (CVE-2023-53950)

nvd.nist.gov (CVE-2023-53950)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.