Cyber Posture

CVE-2023-53941

Critical · Public PoC

Published: 18 December 2025

Modified: 26 December 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7052 (98.7th percentile)
Risk Priority: 62 (60% EPSS · 20% KEV · 20% CVSS)

Description

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

SI-10 directly prevents OS command injection by requiring validation and sanitization of the app_service_control parameter in incoming POST requests.

prevent

SI-2 mandates timely remediation of the specific flaw in EasyPHP Webserver 14.1, eliminating the command injection vulnerability.

prevent · detect

SC-7 enables boundary protection devices like WAFs to monitor and block malicious payloads targeting the vulnerable /index.php?zone=settings endpoint.
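An added example, not taken from the advisory or the vendor: one way a boundary filter (SC-7) or an input check (SI-10) could flag requests to this endpoint. The allowlist pattern for app_service_control, the form-encoded body, and the sample requests are assumptions constructed for illustration; the page does not list the legitimate values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate app_service_control values are short identifier-like
# tokens. The page does not list them, so this pattern is hypothetical.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into method, target and body text."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    method, target, _version = request_line.split(" ", 2)
    return method, target, body.decode("latin-1")

def is_suspicious(raw: bytes) -> bool:
    """True for a POST to /index.php?zone=settings whose app_service_control
    value contains anything outside the allowlist (after URL-decoding)."""
    try:
        method, target, body = parse_request(raw)
    except ValueError:
        return False  # not a parseable request line; out of scope here
    url = urlsplit(target)
    # The server runs on Windows, so compare the path case-insensitively.
    if method.upper() != "POST" or not url.path.lower().endswith("/index.php"):
        return False
    if "settings" not in parse_qs(url.query).get("zone", []):
        return False
    # parse_qs percent-decodes, so encoded metacharacters are seen in clear.
    values = parse_qs(body).get("app_service_control", [])
    return any(not SAFE_VALUE.fullmatch(v) for v in values)

# Constructed sample requests (not captured traffic).
_HDR = (b" HTTP/1.1\r\nHost: lab.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = b"POST /index.php?zone=settings" + _HDR + b"app_service_control=restart"
FLAGGED = (b"POST /index.php?zone=settings" + _HDR
           + b"app_service_control=restart%26PLACEHOLDER")
OTHER_ZONE = (b"POST /index.php?zone=dashboard" + _HDR
              + b"app_service_control=restart%26PLACEHOLDER")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("flagged", FLAGGED),
                      ("other zone", OTHER_ZONE)]:
        print(f"{name}: suspicious={is_suspicious(req)}")
```

An allowlist is used rather than a list of known-bad characters because the set of shell metacharacters that matter depends on how the server builds the command line.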

Security Summary [AI]

CVE-2023-53941 is an OS command injection vulnerability (CWE-78) affecting EasyPHP Webserver 14.1. The flaw resides in the app_service_control parameter, which fails to properly sanitize user input, enabling attackers to inject and execute arbitrary system commands.

Unauthenticated remote attackers can exploit this vulnerability by sending POST requests to /index.php?zone=settings with specially crafted app_service_control payloads. Successful exploitation grants execution of commands with administrative privileges, potentially leading to full system compromise. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to low complexity and high impact on confidentiality, integrity, and availability.

VulnCheck has published an advisory on the remote code execution vulnerability in EasyPHP Webserver, while Exploit-DB hosts a proof-of-concept exploit (ID 51430). The vendor's site at easyphp.org provides additional context on the affected software. No specific patches or mitigations are detailed in the available references.

Details

CWE(s)

Affected Products

easyphp · webserver · 14.1

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.003 Windows Command Shell (Execution)
Adversaries may abuse the Windows command shell for execution.
Why these techniques?

Unauthenticated OS command injection in a public-facing web server parameter directly enables T1190 (Exploit Public-Facing Application) for initial access and T1059.003 (Windows Command Shell) for remote command execution with admin privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References