OS command injection on EasyPHP Webserver

Posted date 26/09/2023
5 - Critical
Affected Resources

EasyPHP Webserver 14.1.


INCIBE has coordinated the publication of 1 vulnerability that affects EasyPHP Webserver 14.1, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-3767: CVSS v3.1: 9.8 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-78.

The reported vulnerability has been solved in the latest version of the affected product.


CVE-2023-3767: an OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the '/index.php?zone=settings parameter'.