CVE-2023-53950

CRITICAL

InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload

Title source: llm

Description

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.

Exploits (1)

exploitdb WORKING POC

by Zer0FauLT · textwebappsasp

https://www.exploit-db.com/exploits/51362

View Code ZIP pw:eip

References (3)

[Various Sources] https://innovastudio.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51362

[Third Party Advisory] https://www.vulncheck.com/advisories/innovastudio-wysiwyg-editor-unrestricted-file-upload-via-filename-manipulation

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

innovastudio/WYSIWYG Editor < 5.4

Published Dec 19, 2025

Tracked Since Feb 18, 2026