WEBIGniter 28.7.23 Unrestricted File Upload Remote Code Execution

Advisories

severity: high
date: December 15, 2025
Affecting: WebIGniter 28.7.23
CVE: CVE-2023-53869
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51736
Webigniter Product Webpage
Credit: nu11secur1ty
Description: WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.