What is CVE-2023-53941?

CVE-2023-53941 is a critical-severity vulnerability in Easyphp Webserver, classified under OS Command Injection. CVSS score: 9.8/10. Published 2025-12-18.

How severe is CVE-2023-53941?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Easyphp Webserver

CVE-2023-53941

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.708 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Easyphp Webserver — versions 14.1

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

ExploitDB-51430 (exploit)
Official Product Homepage (product)
VulnCheck Advisory: EasyPHP Webserver 14.1 Remote Code Execution (third-party-advisory)

Frequently asked questions

What is CVE-2023-53941?: CVE-2023-53941 is a critical-severity vulnerability in Easyphp Webserver, classified under OS Command Injection. CVSS score: 9.8/10. Published 2025-12-18.
How severe is CVE-2023-53941?: Critical severity. CVSS v3 base score is 9.8 out of 10.