QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53885

Published: Dec 15, 2025

Modified: May 12, 2026

PUBLISHED

Description

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file.

Vendor	Product	Versions
Webutler	Webutler	affected `3.2`

Weaknesses (CWE)

References

ExploitDB-51660

exploit

WEButler Product Homepage

product

VulnCheck Advisory: Webutler v3.2 Remote Code Execution via Arbitrary File Upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.