CVE-2023-3767

critical

Description

An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

References

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-de-comandos-os-en-easyphp-webserver

Details

Source: Mitre, NVD

Published: 2023-09-27

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H