CVE-2023-53894
CRITICAL 9.8
Description
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/16/2025
Last modified: 1/21/2026
Source: nvd
Honeypot sightings: 0
Affected products
dulldusk:phpfilemanager
Weaknesses (CWE)
CWE-1390
References
https://www.dulldusk.com/phpfm/ (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51594 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/phpfm-authentication-bypass-via-type-juggling-vulnerability (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.