CVE-2023-53872
OS Command Injection in Wp2Fac 1.0 send.php Endpoint
Publication date: 2025-12-15
Last updated on: 2025-12-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| metinyesil | wp2fac | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53872 is a critical OS command injection vulnerability in Wp2Fac version 1.0, specifically in the send.php endpoint. It allows remote attackers to execute arbitrary system commands by injecting shell commands through the 'numara' parameter. Attackers append shell commands using '&' operators, enabling them to run malicious code on the server without any privileges or user interaction. [2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote code execution on the server hosting Wp2Fac. Attackers can execute arbitrary system commands, potentially leading to full system compromise, data theft, service disruption, or the establishment of persistent backdoors such as reverse shells. The high CVSS score of 9.3 reflects its critical nature and the high impact on confidentiality, integrity, and availability of the affected system. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the send.php endpoint with the 'numara' parameter containing shell command injection payloads. For example, using curl to test command injection: curl -X POST -d "numara=1234567890 & whoami &" http://<target>/send.php. If the server executes the injected command, it indicates the vulnerability. Additionally, monitoring network traffic for unusual POST requests to send.php with suspicious 'numara' parameter values can help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the send.php endpoint, especially from untrusted networks. Validate and sanitize all inputs to the 'numara' parameter to prevent command injection. If possible, apply patches or updates from the vendor or remove the vulnerable module until a fix is available. Additionally, monitor logs for suspicious activity and consider implementing web application firewalls (WAF) rules to block malicious payloads targeting this vulnerability. [3, 1]