CVE-2023-53885

Name of the Vulnerable Software and Affected Versions Webutler version 3.2

Description Webutler version 3.2 has a flaw that permits authenticated administrators to upload PHP files capable of executing system commands. An attacker can upload a PHAR file containing embedded system commands through the media browser, and then execute these commands by accessing the uploaded file. The affected functionality involves uploading files.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file upload permissions for administrator accounts.