CVE-2023-53889
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server.
Meta Information
Published: 2025-12-15
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-15
EPSS Evaluated: 2026-05-05
Source: NVD
Affected Vendors & Products
Vendor: edgeofmyseat
Product: perch
Version / Range: 3.2
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Perch CMS 3.2 allows an authenticated administrator to upload arbitrary PHP files through the assets management interface. Specifically, an attacker can upload a malicious .phar file containing embedded PHP code that executes system commands on the server. Once uploaded, the attacker can remotely execute arbitrary commands by accessing the malicious file, leading to remote code execution on the server. [1, 3]


How can this vulnerability impact me?

The vulnerability can have severe impacts including unauthorized remote code execution on the server hosting Perch CMS. An attacker with admin access can upload malicious files that allow them to execute arbitrary system commands, potentially leading to full server compromise, data theft, service disruption, or further attacks within the network. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by verifying if an authenticated administrator can upload a .phar file through the assets management interface and then execute system commands via the uploaded file. A practical detection method involves attempting to upload a malicious PHAR file (e.g., poc.phar) containing PHP code that executes system commands. After uploading, you can test command execution by accessing the file with a URL like: http://localhost/perch_v3.2/perch/resources/admin/poc.phar?code=cat%20/etc/passwd. This will confirm if arbitrary command execution is possible. The steps include logging in as an admin, navigating to the assets section (/perch_v3.2/perch/core/apps/assets/), uploading the PHAR file via the asset editing page (/perch_v3.2/perch/core/apps/assets/edit/), and then accessing the uploaded file with a command parameter. These steps can be scripted or manually tested to detect the vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or disabling the ability for authenticated administrators to upload arbitrary files, especially PHAR or PHP files, through the assets management interface. Implement strict file type validation and sanitization on uploads to prevent malicious files from being accepted. Additionally, apply access controls to limit who can upload files and monitor upload activity for suspicious behavior. If possible, update or patch Perch CMS to a version where this vulnerability is fixed. Until a patch is available, consider disabling the asset upload feature or restricting it to trusted users only. [1, 3]

