CVE-2023-53894

CRITICAL

phpfm 1.7.9 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53894. PoCs published by thoughtfault.

AI-analyzed exploit summary This exploit leverages a type juggling vulnerability in phpfm (versions 1.6.1-1.7.9) to bypass authentication by manipulating the 'loggedon' cookie value. It then uploads a PHP shell to achieve remote code execution (RCE).

Description

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.

Exploits (1)

exploitdb WORKING POC
by thoughtfault · pythonwebappsphp
https://www.exploit-db.com/exploits/51594

This exploit leverages a type juggling vulnerability in phpfm (versions 1.6.1-1.7.9) to bypass authentication by manipulating the 'loggedon' cookie value. It then uploads a PHP shell to achieve remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: phpfm v1.6.1-1.7.9
No auth needed
Prerequisites: Target running phpfm with vulnerable version · Ability to send HTTP requests to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51594

Scores

CVSS v3 9.8
EPSS 0.0055
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-1390
Status published
Products (2)
dulldusk/phpfilemanager 1.7.9
Dulldusk/phpfm 1.7.9
Published Dec 16, 2025
Tracked Since Feb 18, 2026