OS command injection on EasyPHP Webserver
Posted date 26/09/2023
Identifier
INCIBE-2023-0411
Importance
5 - Critical
Affected Resources
EasyPHP Webserver 14.1.
Description
INCIBE has coordinated the publication of 1 vulnerability affecting EasyPHP Webserver 14.1, discovered by Rafael Pedrero.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-3767: CVSS v3.1: 9.8 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-78.
Solution
The reported vulnerability has been fixed in the latest version of the affected product.
Detail
CVE-2023-3767: An OS command injection vulnerability has been found in EasyPHP Webserver, affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the '/index.php?zone=settings' parameter.