CVE-2023-53921

9.8 CRITICAL

📋 TL;DR

SitemagicCMS 4.4.3 contains an unrestricted file upload vulnerability that allows attackers to upload malicious PHP files, leading to remote code execution. This affects all systems running the vulnerable version, potentially compromising the entire web application and underlying server.

💻 Affected Systems

Products:
  • SitemagicCMS
Versions: 4.4.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation with no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server takeover with attacker gaining shell access, installing backdoors, stealing data, and pivoting to internal networks.

🟠 Likely Case

Web application compromise leading to data theft, defacement, or cryptocurrency mining malware installation.

🟢 If Mitigated

Attack blocked at web application firewall level with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.4 or later

Vendor Advisory: https://sitemagic.org/Download.html

Restart Required: No

Instructions:

1. Download latest version from sitemagic.org
2. Backup current installation
3. Replace files with patched version
4. Verify upload functionality is properly restricted

🔧 Temporary Workarounds

Restrict file upload extensions

Configure the web server to deny access to .phar and .php files under the files/images directory. These rules block requests for such files; they do not stop the upload itself.

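# Apache: Add to .htaccess in files/images directory
# (?i) makes the match case-insensitive, like the Nginx rule below.
# Order/Deny is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat
# use "Require all denied" instead of the two lines inside the block.
<FilesMatch "(?i)\.(phar|php)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
# Nginx: Add to server block, before any generic PHP location
# (regex locations are tried in order and the first match wins)
location ~* /files/images/.*\.(phar|php)$ {
    deny all;
}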

Disable PHP execution in upload directory

Prevent PHP files from executing in the vulnerable directory

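# Apache: Add to .htaccess in files/images directory
# (php_flag is only valid when PHP runs as an Apache module, mod_php;
#  under PHP-FPM or CGI the directive is unknown and causes a server error)
php_flag engine off
# Nginx: Add to server block, before any generic PHP location
# (covers .phar as well as .php, matching the upload restriction above)
location ~* /files/images/.*\.(phar|php)$ {
    return 403;
}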

🧯 If You Can't Patch

  • Implement a web application firewall with file upload restrictions
  • Monitor and alert on .phar/.php file uploads to files/images directory

🔍 How to Verify

Check if Vulnerable:

Check if running SitemagicCMS version 4.4.3 and test if .phar files can be uploaded to files/images directory

Check Version:

Check SMVersion.txt file in SitemagicCMS root directory

Verify Fix Applied:

Verify version is 4.4.4+ and test that .phar/.php file uploads to files/images are blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to upload endpoints with .phar/.php extensions
  • File creation events in files/images directory with .phar/.php extensions
  • Unusual process execution from web server user

Network Indicators:

  • POST requests with file uploads to /files/images/
  • Outbound connections from web server to suspicious IPs

SIEM Query:

source="web_server" AND (uri_path="/files/images/" AND method="POST") AND (file_extension="phar" OR file_extension="php")
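
An added example (not part of the original page or of SitemagicCMS): a Python audit for the "file creation in files/images" indicator listed above. It goes slightly beyond the plain extension check by also flagging double extensions and files whose first bytes contain a PHP open tag; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions named on this page; extend the set if your server maps others to PHP.
BLOCKED_EXTENSIONS = {".php", ".phar"}
PHP_OPEN_TAG = b"<?php"

def audit_upload_dir(root, sniff_bytes=4096):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Check every dot-separated suffix so "x.php.jpg" and "X.PHAR" are flagged.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            if suffixes & BLOCKED_EXTENSIONS:
                findings.append((rel, "blocked extension"))
                continue
            try:
                with open(full, "rb") as fh:
                    head = fh.read(sniff_bytes)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # A PHP open tag inside an "image" is worth a manual look.
            if PHP_OPEN_TAG in head.lower():
                findings.append((rel, "php open tag in content"))
    return sorted(findings)

def demo():
    """Build a constructed files/images tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "files", "images")
        os.makedirs(os.path.join(root, "gallery"))
        samples = {  # constructed sample files, not real uploads
            "logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
            "report.PHAR": b"constructed placeholder",
            "gallery/photo.php.jpg": b"constructed placeholder",
            "gallery/banner.gif": b"GIF89a <?php /* constructed marker */ ?>",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

Point `audit_upload_dir` at the real files/images path from a scheduled job and alert on any non-empty result.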
