CVE-2023-3767

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 27, 2023

CWE ID 77

Summary

CVE-2023-3767 is an OS command injection vulnerability that affects EasyPHP Webserver version 14.1. An attacker can exploit this weakness by sending a maliciously crafted request to the /index.php?zone=settings parameter. Successful exploitation could grant the attacker full system access, potentially leading to significant data theft or system compromise. Users are advised to update their EasyPHP installations as soon as possible to protect against this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mirth Connect

Affected Vendors

NextGen

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8dNOi
https://www.cve.org/CVERecord?id=CVE-2023-3767
https://nvd.nist.gov/vuln/detail/CVE-2023-3767

Back to Vulnerability Database