CVE-2023-53871 MEDIUM

CVE-2023-53871: Soosyze 2.0.0 Unrestricted File Upload via Broken Upload Logic

Vendor Soosyze
Product Soosyze
Weakness CWE-434 · Unrestricted file upload
Published December 15, 2025
Last update April 7, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
April 7, 2026 Record updated