Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2023-53894

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.

Published: Dec 16, 2025
Updated: Dec 17, 2025
CVE: CVE-2023-53894
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-1390

Affected Software
References

No affected software listed.

https://www.dulldusk.com/phpfm/
https://www.exploit-db.com/exploits/51594
https://www.vulncheck.com/advisories/phpfm-authentication-bypass-via-type-juggling-vulnerability

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo