CVE-2023-53872

Sažetak

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.

Reference

https://github.com/metinyesil/wp2fac
https://www.exploit-db.com/exploits/51717
https://www.vulncheck.com/advisories/wpfac-os-command-injection-via-sendphp-endpoint

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-12-2025 - 14:10

Objavljeno

15-12-2025 - 21:15