CVE-2023-53872
Unknown Unknown - Not Provided
OS Command Injection in Wp2Fac 1.0 send.php Endpoint

Publication date: 2025-12-15

Last updated on: 2025-12-15

Assigner: VulnCheck

Description
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53872
EUVD
EUVD-2025-203409
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
metinyesil wp2fac 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53872 is a critical OS command injection vulnerability in Wp2Fac version 1.0, specifically in the send.php endpoint. It allows remote attackers to execute arbitrary system commands by injecting shell commands through the 'numara' parameter. Attackers append shell commands using '&' operators, enabling them to run malicious code on the server without any privileges or user interaction. [2, 3]

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on the server hosting Wp2Fac. Attackers can execute arbitrary system commands, potentially leading to full system compromise, data theft, service disruption, or the establishment of persistent backdoors such as reverse shells. The high CVSS score of 9.3 reflects its critical nature and the high impact on confidentiality, integrity, and availability of the affected system. [2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted POST requests to the send.php endpoint with the 'numara' parameter containing shell command injection payloads. For example, using curl to test command injection: curl -X POST -d "numara=1234567890 & whoami &" http://<target>/send.php. If the server executes the injected command, it indicates the vulnerability. Additionally, monitoring network traffic for unusual POST requests to send.php with suspicious 'numara' parameter values can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the send.php endpoint, especially from untrusted networks. Validate and sanitize all inputs to the 'numara' parameter to prevent command injection. If possible, apply patches or updates from the vendor or remove the vulnerable module until a fix is available. Additionally, monitor logs for suspicious activity and consider implementing web application firewalls (WAF) rules to block malicious payloads targeting this vulnerability. [3, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53872. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart