CVE-2023-53971 — HIGH (8.8)

Vulnerability Description

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Webtareas Project	Webtareas	2.4

Related Weaknesses (CWE)

CWE-434

References

https://sourceforge.net/projects/webtareas/Product
https://www.exploit-db.com/exploits/51089Exploit
https://www.vulncheck.com/advisories/webtareas-authenticated-remote-code-executiThird Party Advisory

FAQ

What is CVE-2023-53971?

CVE-2023-53971 is a vulnerability with a CVSS score of 8.8 (HIGH). WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbit...

How severe is CVE-2023-53971?

CVE-2023-53971 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53971?

Check the references section above for vendor advisories and patch information. Affected products include: Webtareas Project Webtareas.