Cyber Resilience

CVE-2023-53924

High · Public PoC

Published: 17 December 2025
Modified: 18 December 2025
KEV Added: not listed in CISA KEV
Patch: none recorded
CVSS Score (v4): 8.7
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0079 (51.4th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-53924 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ulicms Ulicms. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 48.6% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Deeper analysis

CVE-2023-53924 is a remote code execution vulnerability in UliCMS version 2023.1-sniffing-vicuna. The flaw arises during profile avatar uploads, where authenticated attackers can upload PHP files disguised with a .phar extension. By crafting malicious avatars, attackers bypass restrictions, and code execution is triggered simply by visiting the uploaded file's location on the server.

The vulnerability requires low-privileged authentication (PR:L) and can be exploited remotely (AV:N) with low complexity (AC:L) and no user interaction (UI:N), earning a CVSS v3.1 base score of 8.8 (High) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation enables attackers to execute arbitrary system commands, potentially leading to full server compromise.

Advisories and references, including those from VulnCheck and Exploit-DB (exploit 51434), detail the issue and provide proof-of-concept exploits. An archived UliCMS site is also referenced. Specific patch details and mitigation steps are outlined in these resources, which security practitioners should review for updates and remediation guidance.

EU & UK References

Vulnerability details

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution through maliciously crafted avatar uploads.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability enables remote code execution in a public-facing web application through an authenticated file upload bypass (T1190). Because the uploaded PHP/.phar file is executed when its URL is requested, the same upload directly serves as a web shell deployment mechanism (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53914: same product (Ulicms Ulicms)
CVE-2023-53923: same product (Ulicms Ulicms)
CVE-2025-23953: shared CWE-434
CVE-2026-0911: shared CWE-434
CVE-2026-35047: shared CWE-434
CVE-2020-36849: shared CWE-434
CVE-2024-13723: shared CWE-434
CVE-2023-53922: shared CWE-434
CVE-2026-40412: shared CWE-434
CVE-2024-53345: shared CWE-434

Affected Assets

ulicms / ulicms / 2023.1 (vendor / product / version)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: directly enforces validation of uploaded avatar files to reject PHP/.phar extensions and malicious content, preventing disguised code execution.

Prevent: restricts profile avatar uploads to only safe image file types and characteristics, blocking .phar and PHP files at input.

Prevent / Detect: deploys malicious code scanning at upload entry points to identify and block executable PHP content in avatar files.
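The controls above (input validation, input restriction, content scanning) are what a hardened avatar upload path looks like in practice. The following is an added example written for this page; it is not UliCMS code and does not describe how the project fixed the issue. The function names, the form field name `avatar`, and the storage directory are assumptions. The key defensive decisions are that the client-supplied filename is never used for storage, the file type is decided from the bytes rather than the name or `Content-Type`, and the image is re-encoded so that any script payload hidden behind a valid image header is discarded.

```php
<?php
// Added example (not UliCMS code): defensive validation for a profile-avatar
// upload endpoint. Function names, field name and storage path are assumptions.
declare(strict_types=1);

const AVATAR_MAX_BYTES = 2 * 1024 * 1024;           // assumed limit
const AVATAR_ALLOWED = [                             // byte-level MIME => stored extension
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded avatar and return the extension it will be stored with.
 * $tmpPath is PHP's temporary upload file; $clientName is the browser-supplied name.
 */
function validate_avatar(string $tmpPath, string $clientName, int $size): string
{
    if ($size <= 0 || $size > AVATAR_MAX_BYTES) {
        throw new RuntimeException('avatar size out of range');
    }

    // 1. Input restriction: reject any client filename that carries a script-like
    //    extension anywhere in it (avatar.phar, avatar.php.png, avatar.phtml ...).
    //    The name is never used for storage, but a hostile name is a bypass attempt
    //    and worth logging.
    if (preg_match('/\.(php\d*|phar|phtml|phps|pht)(\.|$)/i', $clientName)) {
        throw new RuntimeException('script extension in avatar filename');
    }

    // 2. Input validation: decide the type from the file bytes, not from the
    //    filename and not from the client-supplied Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if (!isset(AVATAR_ALLOWED[$mime])) {
        throw new RuntimeException("unsupported avatar type: $mime");
    }

    // 3. Require a decodable image header with sane dimensions. A PHP payload
    //    prefixed with "GIF89a" can pass finfo but often fails here.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 4096 || $info[1] > 4096) {
        throw new RuntimeException('avatar is not a decodable image');
    }

    return AVATAR_ALLOWED[$mime];
}

/**
 * Content scrubbing: decode with GD and write a fresh image. Anything appended
 * to or hidden inside the original file (e.g. PHP code after the image data)
 * does not survive re-encoding.
 */
function reencode_avatar(string $tmpPath, string $ext): GdImage
{
    $img = match ($ext) {
        'png' => @imagecreatefrompng($tmpPath),
        'jpg' => @imagecreatefromjpeg($tmpPath),
        'gif' => @imagecreatefromgif($tmpPath),
    };
    if ($img === false) {
        throw new RuntimeException('avatar could not be decoded');
    }
    return $img;
}

/**
 * Store under a server-generated random name in a directory that the web
 * server is configured not to execute scripts from. Returns the stored name.
 */
function store_avatar(GdImage $img, string $ext, string $dir): string
{
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($dir, '/') . '/' . $name;
    $ok = match ($ext) {
        'png' => imagepng($img, $dest),
        'jpg' => imagejpeg($img, $dest, 85),
        'gif' => imagegif($img, $dest),
    };
    if (!$ok) {
        throw new RuntimeException('avatar could not be written');
    }
    return $name;
}

/** Request handler glue; $avatarDir is an assumed, non-executable upload directory. */
function handle_avatar_upload(array $files, string $avatarDir): string
{
    $f = $files['avatar'] ?? null;
    if ($f === null || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    $ext = validate_avatar($f['tmp_name'], (string) $f['name'], (int) $f['size']);
    $img = reencode_avatar($f['tmp_name'], $ext);
    return store_avatar($img, $ext, $avatarDir);
}

// Usage from the profile controller: handle_avatar_upload($_FILES, '/var/www/uploads/avatars');
```

Two points are worth stressing. First, the extension check alone is not the control: the .phar trick in this CVE works because common Apache PHP handler configurations map `.phar` (and `.phtml`) to the PHP engine alongside `.php`, so any denylist that only names `.php` is incomplete, and a server-side rule that the avatar directory never executes scripts (for example no PHP handler for that directory, or storage outside the document root) is what actually bounds the damage if validation is ever bypassed. Second, rejecting a hostile client filename is also a detection opportunity: an authenticated user submitting `avatar.phar` against the profile endpoint is exactly the T1190/T1505.003 precursor described above and should be logged with the account name for follow-up.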

References