CNNVD-202512-2645 Information

CNNVD ID

CNNVD-202512-2645

Related CVE

CVE-2023-53872

• CNNVD Published: 2025-12-15

Description (Chinese)

wp2fac是Metin Yeşil个人开发者的一个验证码发送模块。 wp2fac 1.0版本存在操作系统命令注入漏洞，该漏洞源于send.php端点存在OS命令注入，可能导致执行任意系统命令。

Description (English)

wp2fac is a validation code delivery module for Metin Yeşil personal developers. Wp2fac Version 1.0 contains an operational system command-injecting loophole, which stems from the presence of an OS-injection at the send.php endpoint, which may result in the execution of an arbitrary system-injection.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/metinyesil/wp2fac https://www.vulncheck.com/advisories/wpfac-os-command-injection-via-sendphp-endpoint https://www.exploit-db.com/exploits/51717 https://access.redhat.com/security/cve/cve-2023-53872