PT-2025-51290 · WordPress · Wp2Fac

Published 2025-12-15 · Updated 2025-12-21 · CVE-2023-53872

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Wp2Fac version 1.0

Description

The software contains an OS command injection issue in the send.php endpoint that allows remote attackers to execute arbitrary system commands. The issue occurs because attackers can inject shell commands through the numara parameter by appending them with '&' operators, which results in the execution of malicious code.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the send.php endpoint. Avoid using the numara parameter in the affected API endpoint until the issue is resolved.
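
While access to send.php is being restricted, existing web-server logs can be reviewed for requests that match the description. The following is an added example, not code from this advisory or from Wp2Fac: it flags send.php requests whose numara value contains shell metacharacters. The log lines, the /PLUGIN-PATH/ prefix, the PLACEHOLDER token, the assumption that numara arrives in the query string, and the phone-number format check are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters a shell treats as separators, redirection or substitution syntax.
SHELL_META = re.compile(r"[&;|`$<>\n\r\\(){}]")
# Assumption: a legitimate numara value is a phone number (optional +, digits).
VALID_NUMARA = re.compile(r"\+?[0-9]{6,15}")
# Request field of a combined-format access-log line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines; /PLUGIN-PATH/ and PLACEHOLDER are not real values.
SAMPLE_LOG = [
    '203.0.113.10 - - [15/Dec/2025:10:00:01 +0000] "GET /PLUGIN-PATH/send.php?numara=905551112233 HTTP/1.1" 200 12',
    '203.0.113.99 - - [15/Dec/2025:10:00:07 +0000] "GET /PLUGIN-PATH/send.php?numara=905551112233%26PLACEHOLDER HTTP/1.1" 200 12',
    '203.0.113.10 - - [15/Dec/2025:10:01:30 +0000] "GET /PLUGIN-PATH/send.php?numara=abc HTTP/1.1" 200 12',
    '203.0.113.10 - - [15/Dec/2025:10:02:00 +0000] "GET /index.php?numara=1%26x HTTP/1.1" 200 512',
]


def numara_values(target):
    """Decoded numara values of a request target, or [] if it is not send.php."""
    parts = urlsplit(target)
    if not parts.path.endswith("/send.php"):
        return []
    # parse_qsl splits on literal '&' before percent-decoding, so an encoded
    # %26 ends up inside the value, which is what the application receives.
    return [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == "numara"]


def classify(line):
    """'suspicious', 'malformed' or 'ok'; None if not a send.php numara request."""
    m = REQUEST.search(line)
    values = numara_values(m.group("target")) if m else []
    if not values:
        return None
    if any(SHELL_META.search(v) for v in values):
        return "suspicious"
    if not all(VALID_NUMARA.fullmatch(v) for v in values):
        return "malformed"
    return "ok"


def scan(lines):
    """(line number, verdict) for every line that needs an analyst's attention."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v in ("suspicious", "malformed")]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

Access logs normally do not record request bodies, so if numara is sent in a POST body the same allow-list check has to run where the body is visible, such as a WAF rule or a reverse-proxy filter in front of send.php.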

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-53872

Affected Products

Wp2Fac