Arbitrary File Upload Vulnerability in Academy LMS by Academy LMS
CVE-2023-53876

5.1MEDIUM

Key Information:

Vendor

Creativeitem

Status
Academy Lms
Vendor
CVE Published:
15 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2023-53876?

Academy LMS version 6.1 contains a vulnerability that allows authenticated users to exploit the file upload feature by uploading malicious SVG files. This can lead to stored cross-site scripting (XSS) attacks through the modification of file extensions, enabling the injection of executable JavaScript code via the profile avatar upload functionality. It is crucial for users of Academy LMS to understand the implications of this vulnerability and to implement necessary security measures to prevent exploitation.

Affected Version(s)

Academy LMS 6.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-53876 - Proof of Concept

References

https://www.exploit-db.com/exploits/51702
exploit
https://academylms.net/
technical-description
https://www.vulncheck.com/advisories/academy-lms-arbitrar...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

CraCkEr
JSON
.
CVE-2023-53876 : Arbitrary File Upload Vulnerability in Academy LMS by Academy LMS