Cyber Posture

CVE-2023-53933

High · Public PoC

Published: 17 December 2025

Modified: 24 December 2025
KEV Added:
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0052 (66.9th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53933 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in S9Y Serendipity. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 33.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly remediates the flaw in Serendipity's media upload endpoint that permits unrestricted .phar file uploads leading to remote code execution.
- prevent: Requires validation of uploaded files to reject dangerous types like .phar containing PHP payloads, preventing exploitation of the unrestricted upload vulnerability.
- prevent, detect: Scans uploaded files for malicious code, providing defense-in-depth against RCE payloads in .phar files even if validation is bypassed.
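As an added illustration of the input-validation control above (example code written for this page, not Serendipity's own upload handler), the following PHP validator allowlists media extensions, rejects PHP-executable extensions such as .phar wherever they appear in the file name, and checks the file content with finfo rather than trusting the client-supplied type. The allowlist and the executable-extension list are assumptions for the example.

```php
<?php
// Added example, not Serendipity code: allowlist-based upload validation
// of the kind NIST 800-53 SI-10 calls for. Lists below are assumptions.
declare(strict_types=1);

// Accepted extensions and the content types each one must actually have.
const ALLOWED_EXT = [
    'jpg' => ['image/jpeg'], 'jpeg' => ['image/jpeg'],
    'png' => ['image/png'],  'gif'  => ['image/gif'],
    'pdf' => ['application/pdf'],
];
// Extensions that PHP handlers commonly execute. Any occurrence anywhere in
// the name is rejected, so "x.phar.png" fails as well as "x.phar".
const EXECUTABLE_EXT = ['php', 'phar', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps'];

// $tmpPath is the server-side temporary file (e.g. $_FILES[...]['tmp_name']).
// Returns [true, storedName] on success or [false, reason] on rejection.
function validateUpload(string $originalName, string $tmpPath): array
{
    $parts = explode('.', strtolower(basename($originalName)));
    if (count($parts) < 2) {
        return [false, 'missing extension'];
    }
    $ext = array_pop($parts);
    foreach ($parts as $p) {
        if (in_array($p, EXECUTABLE_EXT, true)) {
            return [false, "executable extension in name: $p"];
        }
    }
    if (in_array($ext, EXECUTABLE_EXT, true) || !isset(ALLOWED_EXT[$ext])) {
        return [false, "extension not allowed: $ext"];
    }
    // Inspect the bytes on disk; the client's declared MIME type is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_EXT[$ext], true)) {
        return [false, "content type $mime does not match .$ext"];
    }
    // Never reuse the client-chosen name on disk; generate a fresh one.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed check: a minimal PNG (signature plus a 1x1 IHDR chunk).
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
    . "\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90\x77\x53\xde");
foreach (['shell.phar', 'photo.phar.png', 'photo.png'] as $name) {
    [$ok, $detail] = validateUpload($name, $tmp);
    printf("%-16s %s %s\n", $name, $ok ? 'accepted' : 'rejected', $detail);
}
unlink($tmp);
```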

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability is an unrestricted file upload in a public-facing web application (Serendipity blogging platform), enabling exploitation of public-facing applications (T1190) and deployment of web shells via malicious PHP .phar files for remote code execution (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.

Deeper analysis

CVE-2023-53933 is a remote code execution vulnerability in Serendipity 2.4.0, a PHP-based blogging platform. The flaw allows authenticated attackers to upload malicious PHP files with a .phar extension via the media upload endpoint. These files can contain system command payloads, enabling arbitrary command execution on the affected server. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

An attacker with low-privilege authenticated access, such as a registered user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting and uploading a .phar file containing malicious payloads to the media endpoint, the attacker achieves full remote code execution on the server, potentially leading to high confidentiality, integrity, and availability impacts, including server compromise, data theft, or further lateral movement.

Advisories and related resources, including the Serendipity documentation at https://docs.s9y.org/, a VulnCheck advisory at https://www.vulncheck.com/advisories/serendipity-authenticated-remote-code-execution-via-file-upload, and a public proof-of-concept exploit at https://www.exploit-db.com/exploits/51372, provide further details on the issue. Security practitioners should consult these for recommended mitigations, such as restricting upload permissions or applying any available patches.

Details

CWE(s)

CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products

s9y serendipity 2.4.0

CVEs Like This One

- CVE-2026-39971 (same product: S9Y Serendipity)
- CVE-2025-8323 (shared CWE-434)
- CVE-2026-35047 (shared CWE-434)
- CVE-2025-1128 (shared CWE-434)
- CVE-2025-67910 (shared CWE-434)
- CVE-2026-22799 (shared CWE-434)
- CVE-2025-15226 (shared CWE-434)
- CVE-2025-6440 (shared CWE-434)
- CVE-2026-2097 (shared CWE-434)
- CVE-2024-13869 (shared CWE-434)
