CVE-2023-53907

6.5 MEDIUM

📋 TL;DR

CVE-2023-53907 is an authenticated arbitrary file download vulnerability in Bludit's Backup Plugin: a logged-in user can read arbitrary files on the server through directory traversal. An attacker who already holds an account exploits it by manipulating the plugin's file path parameter to reach files outside the intended directory, including sensitive system files. It affects Bludit installations running a vulnerable version wherever users have authenticated access.

💻 Affected Systems

Products:
  • Bludit CMS
Versions: before 3.13.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; Backup Plugin must be enabled/accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive files like configuration files, database credentials, SSH keys, or other system files, potentially leading to full system compromise.

🟠 Likely Case

Authenticated attackers reading configuration files containing database credentials or other sensitive application data.

🟢 If Mitigated

Limited impact if proper access controls and file permissions restrict what authenticated users can access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access; directory traversal via file path manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.13.1

Vendor Advisory: https://www.bludit.com

Restart Required: No

Instructions:

1. Back up your Bludit installation.
2. Download Bludit 3.13.1 or later from the official website.
3. Replace the existing files with the new version.
4. Verify functionality.

🔧 Temporary Workarounds

Disable Backup Plugin

Platform: linux

Temporarily disable or remove the vulnerable Backup Plugin to prevent exploitation.

mv /path/to/bludit/bl-plugins/backup /path/to/bludit/bl-plugins/backup.disabled

Restrict Plugin Access

Platform: all

Use web server configuration to restrict access to backup plugin endpoints.

# Apache:
<Location "/bl-plugins/backup/">
    Require all denied
</Location>

# Nginx:
location ~ ^/bl-plugins/backup/ {
    deny all;
}

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can access the Backup Plugin functionality.
  • Apply file system permissions to restrict read access to sensitive files outside the web root.

🔍 How to Verify

Check if Vulnerable:

Check if Bludit version is below 3.13.1 and Backup Plugin is accessible to authenticated users.

Check Version:

grep "define('BLUDIT_VERSION'" /path/to/bludit/bl-kernel/boot.php

Verify Fix Applied:

Verify Bludit version is 3.13.1 or later and test that directory traversal attempts via Backup Plugin are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns via Backup Plugin endpoints
  • Directory traversal sequences in URL parameters (e.g., ../)

Network Indicators:

  • HTTP requests to /bl-plugins/backup/ with suspicious file path parameters

SIEM Query:

source="web_access_logs" AND uri_path="/bl-plugins/backup/" AND (uri_query="*../*" OR uri_query="*..%2f*")
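The SIEM query above only matches the literal `../` and `..%2f` forms. The following script is an added example (not part of this advisory and not Bludit's own code) showing the same detection logic applied offline to web server access logs: it parses combined-format lines, URL-decodes the request target repeatedly so double-encoded sequences such as `%252e%252e%252f` are unwrapped, and flags any request to the `/bl-plugins/backup/` endpoint whose path or query carries a `..` segment. The log lines are constructed sample data, and the `file=` parameter name is an assumption used only for the samples.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not real logs) in Apache/Nginx combined log format.
# Lines 2-4 are traversal attempts against the backup plugin in plain, single-encoded
# and double-encoded form; line 6 is a traversal against a different path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:12:00:01 +0000] "GET /bl-plugins/backup/?file=backup-2024.zip HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:12:00:07 +0000] "GET /bl-plugins/backup/?file=../../../../etc/passwd HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2024:12:00:09 +0000] "GET /bl-plugins/backup/?file=..%2f..%2fbl-kernel%2fboot.php HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2024:12:01:00 +0000] "GET /bl-plugins/backup/?file=%252e%252e%252f.htaccess HTTP/1.1" 200 300 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jan/2024:12:01:30 +0000] "GET /admin/dashboard HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2024:12:02:00 +0000] "GET /bl-content/uploads/../pages HTTP/1.1" 404 120 "-" "Mozilla/5.0"
"""

BACKUP_PREFIX = "/bl-plugins/backup/"

# Combined log format: client IP, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." segment followed by a slash, backslash or end of string.
TRAVERSAL_RE = re.compile(r'\.\.(?:[/\\]|$)')


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double- or triple-encoded traversal is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return the fields of one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_backup_traversal(target):
    """True if the request target hits the backup plugin with a traversal sequence."""
    path, _, query = target.partition("?")
    path = decode_fully(path)
    query = decode_fully(query)
    if not path.startswith(BACKUP_PREFIX):
        return False
    return bool(TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query))


def scan(log_text):
    """Return one record per suspicious request: source IP, timestamp, target, status."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_backup_traversal(rec["target"]):
            hits.append({k: rec[k] for k in ("ip", "ts", "target", "status")})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["status"]} {hit["target"]}')
```

A 200 status on a flagged request is the signal worth escalating: it means the plugin served the file rather than rejecting the path. Traversal against other paths (line 6 in the sample) is deliberately left out of the result so the output stays aligned with the SIEM query; widen `BACKUP_PREFIX` or drop the check if you want a site-wide traversal sweep.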
