CVE-2023-53956 HIGH

CVE-2023-53956: Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution

Vendor Altervista
Product flatnux
Weakness CWE-434 · Unrestricted file upload
Published December 19, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.

Key dates

02Disclosure timeline

December 19, 2025 CVE published
April 7, 2026 Record updated