CVE-2023-53871

CRITICAL

Soosyze 2.0.0 - Unrestricted Upload of File with Dangerous Type via Broken Upload Logic

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53871. PoCs published by nu11secur1ty.

AI-analyzed exploit summary: This exploit demonstrates a broken file upload vulnerability in soosyze 2.0.0, allowing an attacker to upload a malicious HTML file containing PHP code (e.g., phpinfo()) to potentially expose sensitive file paths or execute arbitrary code.

Description

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · text · webapps · php
https://www.exploit-db.com/exploits/51718


Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: soosyze 2.0.0
No auth needed
Prerequisites: Access to the file upload functionality in soosyze 2.0.0
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry: https://www.exploit-db.com/exploits/51718
Product: https://soosyze.com/

Scores

CVSS v3: 9.8
EPSS: 0.0043
EPSS Percentile: 63.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-434
Status: published
Products (2)
soosyze/soosyze 2.0.0
Soosyze/Soosyze 2.0.0
Published: Dec 15, 2025
Tracked Since: Feb 18, 2026