CVE-2023-53941

Critical CVSS: 9.3

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

Vendor

Easyphp

Product

Webserver

CWE

CWE-78

Yayın Tarihi

2025-12-18 20:15:52

Güncelleme

2025-12-26 16:55:17

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Webserver CRITICAL Easyphp 2025

Referanslar

https://www.easyphp.org/ https://www.exploit-db.com/exploits/51430 https://www.vulncheck.com/advisories/easyphp-webserver-remote-code-execution