CVE-2023-53869

HIGH

WebIGniter 28.7.23 - Authenticated Remote Code Execution via Media File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53869. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in WEBIGniter v28.7.23, allowing remote code execution via PHP file upload. The PoC includes a simple PHP script to verify the vulnerability.

Description

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textwebappsphp

https://www.exploit-db.com/exploits/51736

View Code ZIP pw:eip

This exploit demonstrates a file upload vulnerability in WEBIGniter v28.7.23, allowing remote code execution via PHP file upload. The PoC includes a simple PHP script to verify the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WEBIGniter v28.7.23

Auth required

Prerequisites: Valid user account on the target system

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51736

Various Sources product

https://webigniter.net/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/webigniter-unrestricted-file-upload-remote-code-execution

Scores

CVSS v4 8.7

EPSS 0.0022

EPSS Percentile 44.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

WebIGniter/WebIGniter 28.7.23

Published Dec 15, 2025

Tracked Since Feb 18, 2026