CVE-2023-53878

HIGH

Member Login Script 3.3 - HTTP Request Smuggling via Content-Length Header Parsing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53878. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This exploit demonstrates a client-side desync vulnerability in Member Login Script 3.3, where a POST request with a smuggled GET request in the body can lead to request smuggling due to improper handling of the Content-Length header.

Description

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textwebappsphp
https://www.exploit-db.com/exploits/51710

This exploit demonstrates a client-side desync vulnerability in Member Login Script 3.3, where a POST request with a smuggled GET request in the body can lead to request smuggling due to improper handling of the Content-Length header.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Member Login Script 3.3
No auth needed
Prerequisites: Access to the target application · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v4 7.3
EPSS 0.0008
EPSS Percentile 22.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-444
Status published
Products (1)
Phpjabbers/Member Login Script 3.3
Published Dec 15, 2025
Tracked Since Feb 18, 2026