PT-2025-51301 · Unknown · Webedition Cms
Mirabbas Ağalarov · Published 2025-12-15 · Updated 2025-12-21
CVE-2023-53883
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Webedition CMS version 2.9.8.8
Description
Webedition CMS version 2.9.8.8 has a flaw that lets authenticated attackers execute system commands remotely. The attacker creates a new PHP page and inserts malicious system commands into the description field, which results in arbitrary command execution on the server. The vulnerable functionality is PHP page creation, and the affected parameter is the description field supplied during that step.
Recommendations
Apply a fix that prevents the execution of system commands within the description field during PHP page creation.
Exploit
Fix
RCE
Code Injection
Affected Products
Webedition Cms