CVE-2023-3767 CRITICAL

CVE-2023-3767: OS command injection on EasyPHP Webserver

Vendor Easyphp

Product Webserver

Weakness CWE-78

Published September 26, 2023

Last update September 24, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

Key dates

02Disclosure timeline

September 26, 2023 CVE published

September 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3767 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root CVE-2026-0783 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability CVE-2023-3571 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels CVE-2023-41192 D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability CVE-2023-6260 Web UI OS Command Injection in Brivo ACS100, ACS300