CVE-2023-53923
Published: 17 December 2025
Summary
CVE-2023-53923 is a critical-severity Missing Authorization (CWE-862) vulnerability in UliCMS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 41.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved authorizations for access to system resources, directly addressing the missing authorization in UserController that permits unauthenticated admin account creation.
- AC-2 (Account Management): Manages system accounts, including provisioning new accounts with proper authorization, preventing unauthenticated attackers from creating administrative accounts.
- Protects public access interfaces by requiring identification and authentication, mitigating exploitation of the publicly accessible /dist/admin/index.php endpoint.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated exploitation of a public-facing web application (T1190) via a crafted POST request that lacks any authorization check, directly creating a new administrative account (T1136.001) and achieving privilege escalation to full system access (T1068).
NVD Description
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
Deeper analysis
CVE-2023-53923 is a privilege escalation vulnerability in UliCMS version 2023.1, stemming from CWE-862 (Missing Authorization). The flaw resides in the UserController endpoint, where unauthenticated attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to create a new administrative account, granting full system access.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity, no required privileges, and no user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables attackers to generate admin users, achieving high impacts on confidentiality, integrity, and availability through complete administrative control.
Advisories such as the VulnCheck report and Exploit-DB entry (ID 51433) document the issue, including a public proof-of-concept exploit demonstrating the unauthenticated admin account creation. No patch or mitigation details are specified in the CVE description.
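To make the defensive point concrete, here is an added example (not UliCMS code; the class, method and permission names are hypothetical) of the deny-by-default authorization gate that a user-creation controller action needs, which is the check that AC-3 access enforcement corresponds to:

```php
<?php
// Added example, not UliCMS code: a deny-by-default authorization gate
// for an admin "create user" action of the kind CWE-862 describes.
// Session, Permission names and UserController::create are hypothetical.

final class AuthorizationDenied extends RuntimeException {}

// Hypothetical session abstraction: who is calling, and what may they do.
final class Session
{
    public function __construct(
        private ?int $userId,
        private array $permissions = []
    ) {}
    public function isAuthenticated(): bool { return $this->userId !== null; }
    public function can(string $permission): bool
    {
        return $this->isAuthenticated()
            && in_array($permission, $this->permissions, true);
    }
}

final class UserController
{
    public function __construct(private Session $session) {}

    // Every privileged action starts with an explicit check; a controller
    // that omits it is exactly the missing-authorization defect (CWE-862).
    private function requirePermission(string $permission): void
    {
        if (!$this->session->can($permission)) {
            // A denied attempt from an unauthenticated caller is a useful
            // detection signal for the behaviour this CVE describes.
            error_log('authz denied: ' . $permission);
            throw new AuthorizationDenied('forbidden');
        }
    }

    // Returns the created account record. Granting the admin role requires
    // a second, narrower permission so "create user" cannot silently mint admins.
    public function create(array $post): array
    {
        $this->requirePermission('users.create');
        $isAdmin = ($post['admin'] ?? '0') === '1';
        if ($isAdmin) {
            $this->requirePermission('users.grant_admin');
        }
        return ['username' => (string)($post['username'] ?? ''), 'admin' => $isAdmin];
    }
}
```

With an unauthenticated Session (null user id), create() throws before touching any account data, which is the behaviour the vulnerable endpoint lacks.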
Details
- CWE(s)