Security Advisory

CVE-2023-53942

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-18 19:53:35
Last updated 2026-04-07 14:08:00
Assigner VulnCheck
State PUBLISHED

Description

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.