CVE-2023-3767

CRITICAL

EasyPHP Webserver 14.1 - OS Command Injection via Zone Parameter

Title source: llm

Description

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-de-comandos-os-en-easyphp-webserver

Scores

CVSS v3 9.8

EPSS 0.0146

EPSS Percentile 70.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

easyphp/webserver 14.1

Published Sep 27, 2023

Tracked Since Feb 18, 2026