Soosyze File Upload Vulnerability Allowing Arbitrary PHP Code Execution
Vulnerability
A file upload vulnerability has been identified in Soosyze version 2.0.0. This issue allows attackers to upload arbitrary HTML files containing embedded PHP code. Exploitation of this vulnerability could lead to the execution of malicious PHP scripts on the server. The flawed file upload mechanism also has the potential to expose sensitive file paths.
Impact
Exploitation of this vulnerability could result in unauthorized execution of PHP scripts on the server, potentially leading to a full compromise of the web application or server.
Reproduction
To reproduce this vulnerability, upload a file with an .html extension that contains PHP code, such as a phpinfo() script. Once the file is uploaded, access it through the web server. The PHP code will be executed, and the output will include sensitive information such as file paths, which could be exploited further.
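For defenders, one way to check an existing upload directory for the condition described above, as an added example that is not part of the original advisory or of Soosyze: it flags static-looking files that contain a PHP opening tag. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# PHP opening tags: "<?php", the short echo tag "<?=", and the bare short tag
# "<?" followed by whitespace (honoured only when short_open_tag is enabled).
# "<?xml" declarations are deliberately not matched.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)

# Extensions assumed to be static content in an upload directory (assumption).
STATIC_EXTENSIONS = {".html", ".htm", ".txt", ".svg", ".xml", ".css", ".js"}


def find_embedded_php(upload_dir):
    """Return sorted (relative path, byte offset) pairs for static-looking
    files under upload_dir that contain a PHP opening tag."""
    root = Path(upload_dir)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in STATIC_EXTENSIONS:
            continue
        match = PHP_OPEN_TAG.search(path.read_bytes())
        if match:
            hits.append((path.relative_to(root).as_posix(), match.start()))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample files standing in for an upload directory."""
    root = Path(root)
    (root / "avatars").mkdir()
    (root / "about.html").write_bytes(b"<html><body><h1>About</h1></body></html>")
    (root / "feed.xml").write_bytes(b'<?xml version="1.0"?><rss></rss>')
    (root / "avatars" / "note.html").write_bytes(
        b"<html><body><?php phpinfo(); ?></body></html>")
    (root / "banner.HTM").write_bytes(b"<p><?= 1 ?></p>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, offset in find_embedded_php(tmp):
            print(f"{rel_path}: PHP opening tag at byte {offset}")
```

A flagged file executes as PHP only where the web server passes that extension to the PHP handler, so each hit should be reviewed together with the handler mapping for the upload directory.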
