CVE-2023-6654

MEDIUM

PHPEMS 6.x/7.x/8.x/9.0 - Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6654. PoCs published by qfmy1024.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-6654, a PHPEMS Cookie deserialization vulnerability. The exploit leverages a deserialization flaw to modify SQL queries, allowing password or privilege changes for arbitrary users.

Description

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.

Exploits (1)

nomisec WORKING POC 2 stars

by qfmy1024 · poc

https://github.com/qfmy1024/CVE-2023-6654

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-6654, a PHPEMS Cookie deserialization vulnerability. The exploit leverages a deserialization flaw to modify SQL queries, allowing password or privilege changes for arbitrary users.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: PHPEMS versions 6.x, 7.x, 8.x, 9.0

No auth needed

Prerequisites: Target PHPEMS URL · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.247357

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.247357

Permissions Required broken-link exploit

https://note.zhaoj.in/share/jw4Hp9cq7T69

Scores

CVSS v3 6.3

EPSS 0.0236

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-502

Status published

Products (3)

phpems/phpems 6.0

phpems/phpems 7.0

phpems/phpems 6.0.0Packagist

Published Dec 10, 2023

Tracked Since Feb 18, 2026