CVE-2023-53941

CRITICAL

EasyPHP Webserver 14.1 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53941. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in EasyPHP Webserver 14.1, allowing remote code execution via the 'app_service_control' parameter. It also includes a path traversal proof of concept to read arbitrary files.

Description

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · textwebappsphp
https://www.exploit-db.com/exploits/51430

The exploit demonstrates a command injection vulnerability in EasyPHP Webserver 14.1, allowing remote code execution via the 'app_service_control' parameter. It also includes a path traversal proof of concept to read arbitrary files.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: EasyPHP Webserver 14.1
No auth needed
Prerequisites: Network access to the target server · EasyPHP Webserver 14.1 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Product product
https://www.easyphp.org/
Third Party Advisory, Exploit third-party-advisory
https://www.vulncheck.com/advisories/easyphp-webserver-remote-code-execution

Scores

CVSS v3 9.8
EPSS 0.7078
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
Easyphp/EasyPHP Webserver 14.1
easyphp/webserver 14.1
Published Dec 18, 2025
Tracked Since Feb 18, 2026