CVE-2023-53952

HIGH

Dotclear 2.25.3 - Authenticated Remote Code Execution via PHAR File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53952, a PoC published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit demonstrates an authenticated RCE vulnerability in Dotclear 2.25.3 by uploading a malicious PHAR file disguised as an image, which executes arbitrary PHP code when accessed.

Description

Dotclear 2.25.3 contains a remote code execution vulnerability of the unrestricted file upload kind (CWE-434). An authenticated user can upload a file with a .phar extension, containing arbitrary PHP code, through the media upload dialog of the blog post creation interface; the application does not reject the extension and stores the file in a web-accessible media location. On PHP deployments that hand .phar files to the PHP interpreter alongside .php (the stock Debian and Ubuntu mod_php configuration does this through a FilesMatch ".+\.ph(ar|p|tml)$" handler rule), requesting the uploaded file executes the embedded code, for example a call to system(), with the privileges of the web server process. Where the web server does not map .phar to PHP, the upload still succeeds but the code is served as a download rather than executed, so the practical impact depends on the server configuration.
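The CWE-434 pattern behind this entry, as an added Python example that is not part of this page or of Dotclear's code base: a blocklist-style extension check that lets .phar through (it stands in for the 2.25.3 behaviour and is not a copy of Dotclear's code), the allowlist-plus-magic-bytes check that closes the hole, and a sweep of a media directory that flags files a Debian-style mod_php handler mapping (the `.ph(ar|p|tml)` rule) would execute, or that carry a PHP open tag under an image extension. The handler regex, the blocklist contents and the sample files are assumptions and constructed inputs, not taken from the advisory or the PoC.

```python
"""
Added example (not Dotclear's code): an upload-validation check and a
filesystem sweep for the CWE-434 pattern behind CVE-2023-53952.

Assumptions, labelled here and not taken from the advisory:
  * The web server maps .phar to the PHP handler. The stock Debian/Ubuntu
    mod_php configuration does so with FilesMatch ".+\.ph(ar|p|tml)$", which
    is what turns an uploaded poc.phar into executable code.
  * A blocklist of PHP extensions that omits "phar" stands in for the
    vulnerable 2.25.3 behaviour; the real Dotclear check is not reproduced.
"""
import os
import re
import tempfile
from typing import List, Tuple

# Extensions a Debian-style mod_php configuration hands to the interpreter.
PHP_HANDLER_RE = re.compile(r".+\.ph(ar|p|tml)$", re.IGNORECASE)

# The shape of the bug: a deny-list that forgets phar (illustrative only).
VULNERABLE_BLOCKLIST = {"php", "php3", "php4", "php5", "phtml"}

# Allow-list of image types with the magic bytes each must start with.
IMAGE_ALLOWLIST = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

PHP_OPEN_TAGS = (b"<?php", b"<?=")


def extension(filename: str) -> str:
    """Last extension, lower-cased; '' when the name has no dot."""
    if "." not in filename:
        return ""
    return filename.rpartition(".")[2].lower()


def blocklist_accepts(filename: str) -> bool:
    """Vulnerable pattern: reject known PHP extensions, accept everything else.
    poc.phar passes because 'phar' is missing from the list."""
    return extension(filename) not in VULNERABLE_BLOCKLIST


def allowlist_accepts(filename: str, data: bytes) -> bool:
    """Hardened check: exactly one dot in the name (no photo.phar.jpg tricks),
    extension on the image allow-list, matching magic bytes, and no PHP open
    tag anywhere in the body."""
    name = os.path.basename(filename)
    if name.count(".") != 1:
        return False
    magics = IMAGE_ALLOWLIST.get(extension(name))
    if magics is None or not any(data.startswith(m) for m in magics):
        return False
    return not any(tag in data for tag in PHP_OPEN_TAGS)


def sweep_uploads(root: str) -> List[Tuple[str, str]]:
    """Forensic sweep of a media directory: flag files the handler mapping
    would execute, and files whose bytes open with a PHP tag despite a
    non-PHP extension. Returns (path, reason) pairs sorted by path."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64).lstrip()
            if PHP_HANDLER_RE.match(name):
                findings.append((path, "php-handler extension"))
            elif head.startswith(PHP_OPEN_TAGS):
                findings.append((path, "php open tag under a non-php extension"))
    return sorted(findings)


def demo_sweep() -> List[Tuple[str, str]]:
    """Build a constructed media directory and sweep it. The poc.phar body has
    the same shape as the advisory's payload (a system() call); the other two
    files are made up for the demo. Returns (basename, reason) pairs."""
    samples = {
        "poc.phar": b"<?php system('id'); ?>\n",          # executes under mod_php
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # benign JPEG header
        "shell.jpg": b"<?php system('id'); ?>\n",          # PHP hidden behind .jpg
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(p), why) for p, why in sweep_uploads(tmp)]


if __name__ == "__main__":
    print("blocklist accepts poc.phar:", blocklist_accepts("poc.phar"))
    print("allowlist accepts poc.phar:", allowlist_accepts("poc.phar", b"<?php"))
    for finding in demo_sweep():
        print("finding:", finding)
```

The sweep is the check an incident responder would run against the media directory of an exposed 2.25.3 instance: a .phar (or .phtml) file there is the direct indicator, and a PHP open tag under an image extension is worth a look even where the handler mapping would not execute it today.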

Exploits (1)

Exploit-DB (working PoC)
by Mirabbas Ağalarov · webapps · php
https://www.exploit-db.com/exploits/51353

Classification
Working PoC (confidence 90%)
Attack type: RCE
Complexity: trivial
Reliability: reliable
Target: Dotclear 2.25.3
Auth required: yes
Prerequisites: authenticated access to the Dotclear admin panel · ability to upload files via the post editor
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Core references
https://www.exploit-db.com/exploits/51353 (exploit, third-party advisory, VDB entry)
https://dotclear.org/ (product, technical description)

Scores

CVSS v3.1: 8.8 (High)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
EPSS: 0.0097 (0.97%)
EPSS percentile: 57.1%

CISA SSVC

Vulnrichment
Exploitation: PoC
Automatable: yes
Technical impact: total

Details

CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published
Products (2)
dotclear/dotclear 2.25.3
Dotclear/Dotclear 2.25.3
Published: Dec 19, 2025
Tracked since: Feb 18, 2026