CVE-2023-53883
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webedition | webedition_cms | 2.9.8.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Webedition CMS v2.9.8.8 allows an authenticated attacker to execute arbitrary system commands on the server by creating a new PHP page and injecting malicious PHP code into the description field. Specifically, the attacker logs into the CMS, selects PHP as the page type, and inserts system commands in the description, which are then executed by the server, leading to remote code execution. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to a full compromise of the affected server because an attacker with valid credentials can execute arbitrary system commands remotely. This can result in unauthorized access, data theft, server manipulation, or disruption of services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized or suspicious PHP page creations in the Webedition CMS, especially pages where the Description field contains PHP system commands. One way to detect exploitation attempts is to monitor HTTP POST requests to the endpoint `/webEdition/we_cmd.php` with parameters indicating PHP page creation and suspicious payloads such as `<?php echo system("cat /etc/passwd");?>`. Additionally, reviewing newly created PHP pages for injected system commands can help identify exploitation. Network monitoring tools can be configured to alert on such POST requests or unusual PHP code injections. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Webedition CMS to only trusted and authenticated users with the necessary privileges, as the vulnerability requires authenticated access. Disable or restrict the ability to create PHP pages or inject PHP code via the Description field if possible. Applying any available patches or updates from the vendor is recommended. Additionally, monitoring and auditing CMS activity for suspicious page creations and commands can help detect exploitation attempts early. [1, 2]