CVE-2023-53883

EUVD-2025-203425
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
webeditionwebedition_cms
2.9.8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/51661
https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-php-page-creation
https://www.webedition.org/
https://www.exploit-db.com/exploits/51661