CVE-2023-53894

CVE-2023-53894 is an authentication bypass vulnerability in phpfm version 1.7.9, a PHP-based file manager. The flaw stems from loose type comparison in password hash validation, allowing attackers to craft specific password hashes beginning with "0e" or "00e" that evaluate as equal to the expected hash (such as MD5 hashes starting with those prefixes). This issue is classified under CWE-1390 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact on confidentiality, integrity, and availability.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network. By submitting a specially crafted password hash during login, they can bypass authentication entirely and gain unauthorized access to the phpfm interface. Once logged in, attackers can upload malicious PHP files to the server, potentially leading to remote code execution, full server compromise, or further lateral movement depending on server permissions and configuration.

Advisories and references, including those from Vulncheck (https://www.vulncheck.com/advisories/phpfm-authentication-bypass-via-type-juggling-vulnerability), Exploit-DB (https://www.exploit-db.com/exploits/51594), and the phpfm project site (https://www.dulldusk.com/phpfm/), document the vulnerability and provide exploit details, but no specific patches or mitigation steps are detailed in the CVE description. Security practitioners should review these sources for updates and consider disabling or upgrading phpfm installations.