CVE-2023-53941

9.8 CRITICAL
Published: December 18, 2025 Modified: December 26, 2025
View on NVD

Description

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.easyphp.org/
Source: disclosure@vulncheck.com
Product
https://www.exploit-db.com/exploits/51430
Source: disclosure@vulncheck.com
Exploit
https://www.vulncheck.com/advisories/easyphp-webserver-remote-code-execution
Source: disclosure@vulncheck.com
Third Party Advisory Exploit

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
55.3%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-78

Affected Vendors

easyphp

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3