CVE-2023-53956

HIGH

Flatnux 2021-03.25 - RCE

Title source: llm

Description

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.

Exploits (1)

exploitdb WORKING POC

by Ömer Hasan Durmuş · textwebappsphp

https://www.exploit-db.com/exploits/51295

View Code ZIP pw:eip

References (3)

[Various Sources] http://flatnux.altervista.org/flatnux.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51295

[Third Party Advisory] https://www.vulncheck.com/advisories/flatnux-authenticated-file-upload-remote-code-execution

Scores

CVSS v3 8.8

EPSS 0.0035

EPSS Percentile 57.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

altervista/flatnux 2021-03.25

Published Dec 19, 2025

Tracked Since Feb 18, 2026