CVE-2023-53893

MEDIUM

Ateme TITAN File 3.9.12.4 - Authenticated Server-Side Request Forgery via Job Callback URL Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53893. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an authenticated SSRF vulnerability in Ateme TITAN File software, allowing an attacker to force the application to make arbitrary HTTP/DNS/File requests via a crafted callback URL parameter. The provided curl command shows file enumeration via a file:// URI.

Description

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/51582

Classification: Working PoC 95%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Ateme TITAN File 3.9.12.4, 3.9.11.0, 3.9.9.2, 3.9.8.0
Auth required
Prerequisites: Valid authentication token · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-918
Status published
Products (5)
Ateme/TITAN 3.9.12.4
ateme/titan_file 3.9.8.0
ateme/titan_file 3.9.9.2
ateme/titan_file 3.9.11.0
ateme/titan_file 3.9.12.4
Published Dec 15, 2025
Tracked Since Feb 18, 2026