CRITICAL🇵🇱 Wersja polska

CVE-2023-53894

CVSS 9.3v4.0pub. 2025-12-16upd. 2026-01-21

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Dulldusk Phpfilemanager

    APP
    Dulldusk
    1.7.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-25632MEDIUM6.9ten sam produkt

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to re...

CVE-2024-5673MEDIUM6.1ten sam produkt

Vulnerability in Dulldusk's PHP File Manager affecting version 1.7.8. This vulnerability consists of an XSS th...