OS Command Injection Vulnerability in EasyPHP Webserver by EasyPHP
CVE-2023-53941

9.3CRITICAL

Key Information:

Vendor

EasyPHP

Status
EasyPHP Webserver
Vendor
CVE Published:
18 December 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-53941?

The EasyPHP Webserver 14.1 is vulnerable to an OS command injection that allows attackers to perform unauthorized actions with administrative privileges. By manipulating the app_service_control parameter within POST requests to /index.php?zone=settings, an attacker can inject malicious payloads to execute arbitrary system commands. This vulnerability poses a significant risk as it enables unauthenticated users to compromise the server environment.

Affected Version(s)

EasyPHP Webserver 14.1

References

https://www.exploit-db.com/exploits/51430
exploit
https://www.easyphp.org/
product
https://www.vulncheck.com/advisories/easyphp-webserver-re...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafael Pedrero
JSON
.
CVE-2023-53941 : OS Command Injection Vulnerability in EasyPHP Webserver by EasyPHP