CVE-2023-53871

9.8 CRITICAL

📋 TL;DR

Soosyze 2.0.0 contains an unrestricted file upload vulnerability that allows attackers to upload HTML files containing PHP code. This enables remote code execution on the server, potentially compromising the entire system. All users running Soosyze 2.0.0 are affected.

💻 Affected Systems

Products:
  • Soosyze
Versions: 2.0.0
Operating Systems: All platforms running Soosyze
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation with no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement in the network.

🟠 Likely Case

Webshell installation allowing persistent backdoor access, data exfiltration, and further exploitation of the server.

🟢 If Mitigated

File uploads blocked or properly validated, preventing malicious file execution while maintaining legitimate functionality.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication, enabling remote attackers to gain full control.
🏢 Internal Only: HIGH - Even internally, this allows any user with access to upload malicious files and execute arbitrary code.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 51718), making this trivial to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://soosyze.com/

Restart Required: No

Instructions:

No official patch available. Check Soosyze website for updates. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict File Upload Extensions

Applies to: all

Configure the web server to refuse requests for .html and .php files under the upload directory, so that an uploaded file can never be served or executed, and configure the application to reject those uploads in the first place.

# Apache 2.4: add to .htaccess in the upload directory (requires AllowOverride)
# On Apache 2.2 use "Order Allow,Deny" / "Deny from all" instead of Require.
# Extend the extension list if your PHP handler maps other extensions (e.g. .phtml).
<FilesMatch "\.(php|html|htm)$">
    Require all denied
</FilesMatch>

# Nginx: add inside the server block, scoped to the upload directory
# (/uploads/ is a placeholder; an unscoped rule would also block the application's own PHP).
# Place it before the PHP fastcgi location, since the first matching regex location wins.
location ~ ^/uploads/.*\.(php|html|htm)$ {
    deny all;
}

Implement File Type Validation

Applies to: all

Add server-side validation to check file content type, not just extension

# PHP example validation: inspect the file's bytes, not the client-supplied
# $_FILES['file']['type'] header, which the uploader controls and can spoof.
$allowed_types = ['image/jpeg', 'image/png'];
$finfo = new finfo(FILEINFO_MIME_TYPE);
$detected = $finfo->file($_FILES['file']['tmp_name']);
if (!is_uploaded_file($_FILES['file']['tmp_name']) || !in_array($detected, $allowed_types, true)) {
    die('Invalid file type');
}

🧯 If You Can't Patch

  • Immediately disable file upload functionality in Soosyze configuration
  • Implement WAF rules to block file uploads containing PHP code patterns

🔍 How to Verify

Check if Vulnerable:

Check if running Soosyze 2.0.0 by examining version files or admin panel. Test if you can upload an HTML file containing PHP code (<?php phpinfo(); ?>) and access it.

Check Version:

# Check Soosyze version
cat /path/to/soosyze/VERSION
# Or check composer.json
grep '"version"' /path/to/soosyze/composer.json

Verify Fix Applied:

Attempt to upload a test HTML file with PHP code. If upload is blocked or file cannot be executed, the fix is working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to upload directories
  • Access to .html files in upload directories with suspicious patterns
  • PHP execution from non-PHP files

Network Indicators:

  • POST requests to file upload endpoints with HTML/PHP content
  • Subsequent GET requests to uploaded .html files

SIEM Query:

source="web_server_logs" (POST /upload OR POST /file-upload) AND (file="*.html" OR file="*.htm")
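Turning the log and network indicators above into a check, as an added example that is not part of this advisory: a Python script that parses constructed combined-format access-log lines and flags successful requests for .html/.htm/.php files under the upload directory, noting when the same client earlier POSTed to the upload endpoint. The endpoint /user/files/upload and the prefix /app/files/ are assumptions, not Soosyze's real routes.

```python
import re

# Constructed sample access-log lines in combined log format (not real traffic).
# Endpoint and directory names are assumed placeholders, not Soosyze's actual routes.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "POST /user/files/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:12:00:03 +0000] "GET /app/files/shell.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:01:00 +0000] "POST /user/files/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:01:05 +0000] "GET /app/files/photo.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:12:02:00 +0000] "GET /app/files/index.html HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

UPLOAD_ENDPOINTS = {"/user/files/upload"}   # assumed upload route(s)
UPLOAD_DIR_PREFIX = "/app/files/"           # assumed URL prefix of the upload directory
SCRIPT_LIKE = re.compile(r"\.(html?|php)$", re.IGNORECASE)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    """Parse one combined-format line into a dict (query string stripped), or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec

def find_suspicious(log_text):
    """Flag successful GETs of .html/.htm/.php files under the upload directory.
    Each hit is (ip, path, after_upload); after_upload is True when the same client
    POSTed to an upload endpoint earlier in the log, i.e. the chain this advisory describes."""
    uploaders = set()
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["status"] != "200":
            continue
        if rec["method"] == "POST" and rec["path"] in UPLOAD_ENDPOINTS:
            uploaders.add(rec["ip"])
        elif (rec["method"] == "GET" and rec["path"].startswith(UPLOAD_DIR_PREFIX)
              and SCRIPT_LIKE.search(rec["path"])):
            hits.append((rec["ip"], rec["path"], rec["ip"] in uploaders))
    return hits

if __name__ == "__main__":
    for ip, path, chained in find_suspicious(SAMPLE_LOG):
        print(f"{ip} fetched {path} ({'after uploading' if chained else 'no prior upload seen'})")
```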
