← back
CVE-2023-53869

WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution

CVSS 8.7 HIGHEPSS 0.4%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WebIGniter · WebIGniter