Dimensional

Name of the Vulnerable Software and Affected Versions: PHPStudy versions 2016 through 2018 Description: A backdoor in PHPStudy allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the `Accept-Charset` HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system. Recommendations: For PHPStudy versions 2016 through 2018, consider disabling the acceptance of base64-encoded PHP payloads in the `Accept-Charset` HTTP header as a temporary workaround until a patch is available. Restrict access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.