CVE-2023-53921 HIGH

CVE-2023-53921: SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload

Vendor Sitemagic
Product SitemagicCMS
Weakness CWE-434 · Unrestricted file upload
Published December 17, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands.

Key dates

02Disclosure timeline

December 17, 2025 CVE published
April 7, 2026 Record updated