CVE-2023-53885

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
webutlerwebutler
3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://webutler.de/en
https://www.exploit-db.com/exploits/51660
https://www.vulncheck.com/advisories/webutler-v-remote-code-execution-via-arbitrary-file-upload
https://www.exploit-db.com/exploits/51660