PHPStudy Backdoor Remote Code Execution Vulnerability
Vulnerability
A backdoor vulnerability allowing unauthenticated remote code execution has been identified in PHPStudy versions 2016 through 2018. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests. Once received, the payloads are decoded and executed without proper validation, leading to arbitrary code execution on the server as the web server user.
Impact
Exploitation of this vulnerability allows for arbitrary PHP code execution on the affected system, with the executed code running as the web server user.
Reproduction
To reproduce this vulnerability, send a GET request to the target PHPStudy installation with the Accept-Charset header containing a base64-encoded PHP payload. The server will decode and execute the payload, allowing for remote code execution.
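A detection-side illustration of the header behaviour described above, added here and not part of the original advisory: it flags requests whose Accept-Charset value is not a charset list but base64 that decodes to printable text. The function names, verdict labels and sample requests are assumptions constructed for this example.

```python
import base64
import re

# One Accept-Charset list item (RFC 7231): a charset token or "*", optional q-value.
CHARSET_ITEM = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+(\s*;\s*q=[01](\.\d{0,3})?)?$")
BASE64_RUN = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")

def header_values(raw_request, name):
    """Return every value of header `name` (case-insensitive) in a raw request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def decoded_text(value):
    """Return the decoded string if `value` is base64 of printable ASCII, else None."""
    if len(value) % 4 or not BASE64_RUN.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return raw.decode("ascii") if printable else None

def classify(raw_request):
    """Verdict for one request: 'ok', 'malformed' or 'base64-text'."""
    verdict = "ok"
    for value in header_values(raw_request, "Accept-Charset"):
        if decoded_text(value) is not None:
            return "base64-text"
        if not all(CHARSET_ITEM.match(i.strip()) for i in value.split(",")):
            verdict = "malformed"
    return verdict

# Constructed sample requests (not captured traffic); the encoded text is a harmless marker.
MARKER = base64.b64encode(b"constructed marker text").decode()
SAMPLES = {
    "browser": "GET / HTTP/1.1\r\nHost: example.test\r\nAccept-Charset: utf-8, iso-8859-1;q=0.5\r\n\r\n",
    "encoded": "GET /index.php HTTP/1.1\r\nHost: example.test\r\naccept-charset: " + MARKER + "\r\n\r\n",
    "garbage": "GET / HTTP/1.1\r\nHost: example.test\r\nAccept-Charset: utf-8;;bogus value\r\n\r\n",
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(name, classify(request))
```

The check is a heuristic for triage of proxy or web-server logs that record request headers; a "base64-text" verdict marks a request for review and does not by itself confirm that the host runs an affected build.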
