PT-2025-51959 · Unknown · Sitemagic Cms

Mirabbas Ağalarov · Published 2025-12-17 · Updated 2025-12-20 · CVE-2023-53921

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SitemagicCMS version 4.4.3

Description

The software contains a remote code execution issue that allows attackers to upload malicious PHP files to the 'files/images' directory. An attacker can upload a .phar file containing a system command execution payload to compromise the web application and execute arbitrary system commands. The API endpoint used for file upload, the vulnerable parameter, and the function responsible for handling file uploads are not specified.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file upload permissions to the 'files/images' directory.

Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-53921

Affected Products

Sitemagic Cms