← volver
CVE-2023-53942

File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

CVSS 9.4 CRITICALEPSS 0.5%CWE-434
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
leefish · File Thingie