CVE-2023-53921
Unknown Unknown - Not Provided
Remote Code Execution in SitemagicCMS 4.4.3 via Malicious File Upload

Publication date: 2025-12-17

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53921
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sitemagic sitemagiccms 4.4.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in SitemagicCMS 4.4.3 allows attackers to remotely execute code by uploading malicious PHP files to the files/images directory. Specifically, attackers can upload a .phar file containing system command execution payloads, which enables them to compromise the web application and run arbitrary system commands.

Impact Analysis

The vulnerability can lead to a complete compromise of the affected web application, allowing attackers to execute arbitrary system commands. This can result in unauthorized access, data theft, data manipulation, service disruption, or further attacks on the underlying system.

Compliance Impact

This vulnerability allows attackers to execute arbitrary system commands on the server by uploading malicious files, leading to a full compromise of the web application. Such a compromise can result in unauthorized access to sensitive data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding personal and health information. Therefore, the vulnerability negatively impacts compliance with these common standards and regulations by increasing the risk of data breaches and unauthorized data access. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious .phar files uploaded to the files/images directory of the SitemagicCMS installation. One can look for suspicious files like 'shell.phar' in the /SitemagicCMS/files/images/ directory. Additionally, monitoring HTTP POST requests to the endpoint /SitemagicCMS/index.php with parameters such as SMExt=SMFiles and SMFilesUploadPath=files%2Fimages could indicate exploitation attempts. A command to detect such files on the server might be: `find /path/to/SitemagicCMS/files/images -name '*.phar'`. Accessing such files via a browser or curl could confirm if they execute code, e.g., `curl http://yourserver/SitemagicCMS/files/images/shell.phar` to see if arbitrary commands execute. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling file uploads to the files/images directory, especially for .phar and PHP files. Applying access controls to prevent execution of uploaded files in that directory is critical. Updating or patching SitemagicCMS to a version that fixes this vulnerability (if available) is recommended. If no patch is available, removing or quarantining suspicious uploaded files like .phar files and monitoring for unusual POST requests to the upload endpoint can help reduce risk. Additionally, implementing web application firewall (WAF) rules to block malicious upload attempts and restricting permissions on the upload directories to prevent execution can mitigate exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53921. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart