PT-2023-22010 · Nophp · Nophp
Paijp · Published 2023-04-03 · Updated 2023-04-12 · CVE-2023-28854
CVSS v3.1: 8.0 High
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nophp versions prior to 0.0.1
Description
The issue affects the nophp PHP web framework: versions prior to 0.0.1 are vulnerable to shell command injection, with injected commands running as the httpd user. A patch is available that addresses the issue.
Recommendations
For versions prior to 0.0.1, update index.php to the version dated 2023-03-30 or later.
As a temporary workaround for versions prior to 0.0.1, consider adding a function such as env patchsample230330.php to env.php.
Exploit
Fix
Command Injection
Affected Products
Nophp