OS command injection on EasyPHP Webserver

Posted date 26/09/2023
Importance
5 - Critical
Affected Resources

EasyPHP Webserver 14.1.

Description

INCIBE has coordinated the publication of one vulnerability affecting EasyPHP Webserver 14.1, discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-3767: CVSS v3.1: 9.8 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-78.

Solution

The reported vulnerability has been fixed in the latest version of the affected product.

Detail

CVE-2023-3767: an OS command injection vulnerability has been found in EasyPHP Webserver, affecting version 14.1. This vulnerability could allow an attacker to gain full access to the system by sending a specially crafted exploit to the '/index.php?zone=settings' parameter.
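
For triage, the following added example (not part of the INCIBE advisory or of EasyPHP's code) scans an access log for requests to the settings zone that came from non-loopback clients. The Common Log Format and the sample lines are assumptions constructed for illustration; because the advisory does not say which field carries the injected command, the script flags remote access to the endpoint rather than matching payloads.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Common Log Format. Adjust the regex to your server's log format.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
127.0.0.1 - - [26/Sep/2023:10:00:01 +0200] "GET /index.php?zone=settings HTTP/1.1" 200 5120
192.0.2.44 - - [26/Sep/2023:10:02:13 +0200] "POST /index.php?zone=settings HTTP/1.1" 200 5200
192.0.2.44 - - [26/Sep/2023:10:02:15 +0200] "GET /index.php?zone=home HTTP/1.1" 200 900
198.51.100.7 - - [26/Sep/2023:10:05:40 +0200] "GET /INDEX.PHP?page=1&zone=settings HTTP/1.1" 200 5120
::1 - - [26/Sep/2023:10:06:00 +0200] "POST /index.php?zone=settings HTTP/1.1" 200 5200
garbage line that does not parse
"""


def is_settings_zone(target):
    """True if the request target is index.php with zone=settings."""
    parts = urlsplit(target)
    # Case-insensitive path match: Windows file systems ignore case.
    if not parts.path.lower().endswith("/index.php"):
        return False
    # parse_qs also decodes percent-encoded values.
    return "settings" in parse_qs(parts.query).get("zone", [])


def is_loopback(client):
    """True only for literal loopback addresses; hostnames count as remote."""
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:
        return False


def remote_settings_requests(log_text):
    """Return (time, client, method, target) for each remote settings request."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m and is_settings_zone(m["target"]) and not is_loopback(m["client"]):
            hits.append((m["time"], m["client"], m["method"], m["target"]))
    return hits


if __name__ == "__main__":
    for hit in remote_settings_requests(SAMPLE_LOG):
        print(*hit)
```

Any hit on a host still running version 14.1 is a reason to review that system, since the CVSS vector (AV:N, PR:N) means the request needs no authentication.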
