Lucene search

INCIBECVELIST:CVE-2023-3767

HistorySep 26, 2023 - 7:51 a.m.

CVE-2023-3767 OS command injection on EasyPHP Webserver

2023-09-2607:51:36

CWE-78

INCIBE

www.cve.org

command injection

easyphp

webserver

exploit

vulnerability

system access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

33.9%

JSON

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Webserver",
    "vendor": "EasyPHP",
    "versions": [
      {
        "status": "affected",
        "version": "14.1"
      }
    ]
  }
]

References

www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-de-comandos-os-en-easyphp-webserver

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

33.9%

JSON

Related for CVELIST:CVE-2023-3767