CVE-2023-53883 — HIGH (7.2)

Vulnerability Description

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Webedition	Webedition Cms	2.9.8.8

Related Weaknesses (CWE)

CWE-94

References

https://www.exploit-db.com/exploits/51661Exploit
https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-Third Party Advisory
https://www.webedition.org/Product
https://www.exploit-db.com/exploits/51661Exploit

FAQ

What is CVE-2023-53883?

CVE-2023-53883 is a vulnerability with a CVSS score of 7.2 (HIGH). Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with...

How severe is CVE-2023-53883?

CVE-2023-53883 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53883?

Check the references section above for vendor advisories and patch information. Affected products include: Webedition Webedition Cms.