CVE-2025-34061

CRITICAL

PHPStudy 2016-2018 - Unauthenticated Remote Code Execution via Accept-Charset Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34061. PoCs published by Dimensional, Airevan, including Metasploit module exploits/multi/http/phpstudy_backdoor_rce.

AI-analyzed exploit summary This Metasploit module exploits a backdoor in PHPStudy (2016-2018) by sending a base64-encoded payload via the 'Accept-Charset' header to achieve remote code execution. The check function verifies vulnerability by injecting a random string and confirming its presence in the response.

Description

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Dimensional, Airevan · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a backdoor in PHPStudy (2016-2018) by sending a base64-encoded payload via the 'Accept-Charset' header to achieve remote code execution. The check function verifies vulnerability by injecting a random string and confirming its presence in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHPStudy 2016-2018

No auth needed

Prerequisites: Network access to the target · PHPStudy backdoor present in the target environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rb

Various Sources product

https://www.xp.cn/phpstudy

Scores

CVSS v4 9.3

EPSS 0.0117

EPSS Percentile 63.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

Henan Xiaopi Security Technology Co., Ltd./PHPStudy 2016 - 2018

Published Jul 03, 2025

Tracked Since Feb 18, 2026