MidnightBSD

Advisories for webutler

CVE-2023-53885

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.

Products Affected

Vendor Product Version
webutler webutler 3.2