CVE-2023-53869

HIGH

WEBIGniter 28.7.23 - RCE

Title source: llm

Description

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textwebappsphp

https://www.exploit-db.com/exploits/51736

View Code ZIP pw:eip

References (3)

[Various Sources] https://webigniter.net/

[Third Party Advisory] https://www.vulncheck.com/advisories/webigniter-unrestricted-file-upload-remote-code-execution

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51736

Scores

CVSS v4 8.7

EPSS 0.0046

EPSS Percentile 63.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-434

Status published

Products (1)

WebIGniter/WebIGniter 28.7.23

Published Dec 15, 2025

Tracked Since Feb 18, 2026