CVE-2023-53921
Remote Code Execution in SitemagicCMS 4.4.3 via Malicious File Upload
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sitemagic | sitemagiccms | 4.4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SitemagicCMS 4.4.3 allows attackers to remotely execute code by uploading malicious PHP files to the files/images directory. Specifically, attackers can upload a .phar file containing system command execution payloads, which enables them to compromise the web application and run arbitrary system commands.
How can this vulnerability impact me? :
The vulnerability can lead to a complete compromise of the affected web application, allowing attackers to execute arbitrary system commands. This can result in unauthorized access, data theft, data manipulation, service disruption, or further attacks on the underlying system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to execute arbitrary system commands on the server by uploading malicious files, leading to a full compromise of the web application. Such a compromise can result in unauthorized access to sensitive data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding personal and health information. Therefore, the vulnerability negatively impacts compliance with these common standards and regulations by increasing the risk of data breaches and unauthorized data access. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious .phar files uploaded to the files/images directory of the SitemagicCMS installation. One can look for suspicious files like 'shell.phar' in the /SitemagicCMS/files/images/ directory. Additionally, monitoring HTTP POST requests to the endpoint /SitemagicCMS/index.php with parameters such as SMExt=SMFiles and SMFilesUploadPath=files%2Fimages could indicate exploitation attempts. A command to detect such files on the server might be: `find /path/to/SitemagicCMS/files/images -name '*.phar'`. Accessing such files via a browser or curl could confirm if they execute code, e.g., `curl http://yourserver/SitemagicCMS/files/images/shell.phar` to see if arbitrary commands execute. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling file uploads to the files/images directory, especially for .phar and PHP files. Applying access controls to prevent execution of uploaded files in that directory is critical. Updating or patching SitemagicCMS to a version that fixes this vulnerability (if available) is recommended. If no patch is available, removing or quarantining suspicious uploaded files like .phar files and monitoring for unusual POST requests to the upload endpoint can help reduce risk. Additionally, implementing web application firewall (WAF) rules to block malicious upload attempts and restricting permissions on the upload directories to prevent execution can mitigate exploitation. [1, 2]