TROYANOSYVIRUS
Volver a CVEs

CVE-2023-53950

CRITICAL
9.8

Descripcion

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/19/2025
Ultima modificacion12/23/2025
Fuentenvd
Avistamientos honeypot0

Debilidades (CWE)

CWE-434

Referencias

https://innovastudio.com(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51362(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/innovastudio-wysiwyg-editor-unrestricted-file-upload-via-filename-manipulation(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.