CVE-2023-53952
BaseFortify

Publication date: 2025-12-19

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server.
Affected Vendors & Products

Vendor     Product    Version / Range
dotclear   dotclear   2.25.3
CWE ID     Description
CWE-434    The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Mitigation Strategies

Immediate mitigation steps include restricting or disabling the upload of .phar files through the blog post creation interface, especially for authenticated users. Applying the latest Dotclear updates or patches that address this vulnerability is recommended. If updates are not yet available, consider disabling or restricting file upload functionality temporarily. Additionally, review and harden file upload validation to prevent dangerous file types and ensure uploaded files are not executable. Monitoring and restricting access to uploaded files with .phar extensions can also reduce risk. [2, 1]

Executive Summary

CVE-2023-53952 is a remote code execution vulnerability in Dotclear version 2.25.3 that allows authenticated attackers to upload malicious PHP files with a .phar extension through the blog post creation interface. These files contain PHP system commands that execute when the uploaded file is accessed, enabling the attacker to run arbitrary code on the server. [2, 3]

Impact Analysis

This vulnerability can allow an attacker with valid credentials to execute arbitrary code on the server hosting Dotclear. This can lead to full server compromise, unauthorized access to sensitive data, disruption of services, and potentially further attacks on the network or other connected systems. [2, 3]

Detection Guidance

Exploitation can be detected by checking for .phar files that were uploaded through the blog post creation interface and that contain PHP code. One approach is to monitor the upload directory for .phar files and inspect their contents for PHP code. Additionally, reviewing web server logs for requests to .phar files may reveal exploitation attempts. A possible command to find .phar files on the server is: `find /path/to/dotclear/uploads -name '*.phar'`. To inspect a .phar file for PHP code, you can use `strings filename.phar | grep '<?php'`. Monitoring HTTP POST requests to `/dotclear/admin/post.php` that carry file uploads can also help detect attempts to exploit this vulnerability. [3]
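As an added defender-side example (not from the advisory or the Dotclear project), the following Python script implements the two checks described above: it lists .phar files under an upload directory, flagging those that contain a PHP open tag, and scans access-log lines for requests to .phar paths. The directory layout, file contents and log lines are constructed for the demonstration; the combined log format and the request regex are assumptions.

```python
import re
import tempfile
from pathlib import Path

# PHP open tags; a file in a media upload directory should never contain these.
PHP_OPEN_TAG = re.compile(rb"<\?php|<\?=")
# Access-log requests for a .phar path (combined log format assumed).
PHAR_REQUEST = re.compile(r'"(?:GET|POST) (\S*\.phar)(?:\?\S*)? HTTP/')


def find_phar_files(upload_dir):
    """List every .phar under upload_dir, flagging those that carry PHP code."""
    hits = []
    for path in sorted(Path(upload_dir).rglob("*.phar")):
        has_php = bool(PHP_OPEN_TAG.search(path.read_bytes()))
        hits.append((path.name, has_php))
    return hits


def phar_accesses(log_lines):
    """Return (client_ip, path) for each log line requesting a .phar URL."""
    found = []
    for line in log_lines:
        m = PHAR_REQUEST.search(line)
        if m:
            found.append((line.split(" ", 1)[0], m.group(1)))
    return found


# Constructed sample log lines (not from a real Dotclear install).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Dec/2025:10:00:01 +0000] "GET /public/photo.jpg HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Dec/2025:10:00:07 +0000] "POST /dotclear/admin/post.php HTTP/1.1" 302 0',
    '10.0.0.9 - - [19/Dec/2025:10:00:12 +0000] "GET /public/upload.phar HTTP/1.1" 200 88',
]


def demo():
    """Build a constructed upload tree in a temp dir and run both checks on it."""
    with tempfile.TemporaryDirectory() as d:
        pub = Path(d) / "public"
        pub.mkdir()
        (pub / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg stub")
        (pub / "archive.phar").write_bytes(b"no php here, just a stray archive")
        (pub / "upload.phar").write_bytes(b"<?php echo 'constructed sample'; ?>")
        files = find_phar_files(d)
    return files, phar_accesses(SAMPLE_LOG)
```

Point `find_phar_files` at the real media directory and feed `phar_accesses` the web server's access log to run the checks on a live installation.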
