Home

Description

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

1.0
affected

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/51717 (ExploitDB-51717) exploit

github.com/metinyesil/wp2fac (wp2fac GitHub Repository) product

www.vulncheck.com/...-command-injection-via-sendphp-endpoint (VulnCheck Advisory: Wp2Fac 1.0 OS Command Injection via send.php Endpoint) third-party-advisory

cve.org (CVE-2023-53872)

nvd.nist.gov (CVE-2023-53872)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.