CVE-2023-53950

CRITICAL EPSS 42.3%

Published Dec 19, 20256mo ago · Modified Jun 17, 20261w ago

9.3 CVSS 4.0

Critical

Published Dec 19, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

42.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

References 3

innovastudio.com https://innovastudio.com
exploit-db.com https://www.exploit-db.com/exploits/51362
vulncheck.com https://www.vulncheck.com/advisories/innovastudio-wysiwyg-editor-unrestricted-file-upload-via-filename-manipulation

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.