CVE-2023-53871

CRITICAL

Soosyze 2.0.0 - Code Injection

Title source: llm

Description

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textwebappsphp

https://www.exploit-db.com/exploits/51718

View Code ZIP pw:eip

References (4)

[Product] https://github.com/soosyze/soosyze

[Product] https://soosyze.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51718

[Third Party Advisory] https://www.vulncheck.com/advisories/soosyze-unrestricted-file-upload-via-broken-upload-logic

Scores

CVSS v3 9.8

EPSS 0.0026

EPSS Percentile 49.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

soosyze/soosyze 2.0.0

Soosyze/Soosyze 2.0.0

Published Dec 15, 2025

Tracked Since Feb 18, 2026