Home

Description

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.

PUBLISHED Reserved 2025-12-19 | Published 2025-12-19 | Updated 2025-12-19 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

2021-03.25
affected

Credits

Ömer Hasan Durmuş finder

References

www.exploit-db.com/exploits/51295 (ExploitDB-51295) exploit

flatnux.altervista.org/flatnux.html (Official Product Homepage) product

www.vulncheck.com/...cated-file-upload-remote-code-execution (VulnCheck Advisory: Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution) third-party-advisory

cve.org (CVE-2023-53956)

nvd.nist.gov (CVE-2023-53956)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.