CVE-2023-53889

Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2

Description Perch CMS version 3.2 has a remote code execution issue. Authenticated administrators can upload arbitrary PHP files through the assets management interface. An attacker can upload a malicious .phar file containing embedded system command execution capabilities to execute arbitrary commands on the server. The vulnerable functionality involves uploading assets.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file uploads to trusted administrators only.