CVE-2023-53883 HIGH

CVE-2023-53883: Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation

Vendor Webedition
Product Webedition CMS
Weakness CWE-94 · Code injection
Published December 15, 2025
Last update May 12, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.

Key dates

02Disclosure timeline

December 15, 2025 CVE published
May 12, 2026 Record updated