Soosyze vulnerabilities
2 known vulnerabilities affecting soosyze/soosyze.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-53871P2CRITICALCVSS 9.8v2.0.02025-12-15
CVE-2023-53871 [CRITICAL] CWE-434 CVE-2023-53871: Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML fi
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
nvd
CVE-2025-52392P3HIGHPoC≥ 0, ≤ 2.0.02025-08-13
CVE-2025-52392 [HIGH] CWE-307 Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper
ghsaosv