QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53889

Published: Dec 15, 2025

Modified: May 12, 2026

PUBLISHED

Description

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server.

Vendor	Product	Versions
Perch	Perch	affected `3.2`

Weaknesses (CWE)

References

ExploitDB-51620

exploit

Perch Product Webpage

product

VulnCheck Advisory: Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.