File Upload Vulnerability in WebTareas 2.4 by WebTareas
CVE-2023-53971

8.7HIGH

Key Information:

Vendor: Luiswang
Status: Webtareas
Vendor: CVE Published:; 22 December 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-53971?

WebTareas 2.4 is vulnerable to a file upload issue that allows authenticated users to upload malicious PHP files via the chat photo upload feature. This vulnerability enables attackers to store arbitrary PHP code in the /files/Messages/ directory, resulting in potential remote code execution. The exploitation occurs without proper file type verification, posing a significant security risk to systems utilizing this version of WebTareas.

Affected Version(s)

WebTareas 2.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-53971 - Proof of Concept

References

https://www.exploit-db.com/exploits/51089

exploit

https://sourceforge.net/projects/webtareas/

product

https://www.vulncheck.com/advisories/webtareas-authentica...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 22, 2025
👾
Exploit known to exist
Dec 22, 2025
Vulnerability published
Dec 22, 2025
Vulnerability Reserved
Dec 20, 2025

Credit

Hubert Wojciechowski

CVE-2023-53971 Data

JSON

Luiswang

Badges

What is CVE-2023-53971?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit