← Volver a CVEs
CVE-2023-53894
CRITICAL9.8
Descripcion
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/16/2025
Ultima modificacion1/21/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
dulldusk:phpfilemanager
Debilidades (CWE)
CWE-1390
Referencias
https://www.dulldusk.com/phpfm/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51594(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/phpfm-authentication-bypass-via-type-juggling-vulnerability(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.