CVE-2025-34061 – PHPStudy Unauthenticated Remote Code Execution Backdoor

July 3, 2025

CVE ID : CVE-2025-34061

Published : July 3, 2025, 8:15 p.m. | 3 hours, 5 minutes ago

Description : A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34082 – IGEL OS Command Injection Vulnerability

Next Article CVE-2025-45809 – BerriAI litellm SQL Injection Vulnerability

Highlights

CVE-2025-5985 – Code-projects School Fees Payment System Remote Authentication Bypass Vulnerability

June 10, 2025

CVE ID : CVE-2025-5985

Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago

Description : A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-34061 – PHPStudy Unauthenticated Remote Code Execution Backdoor

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

5 gadgets I can’t go off-grid without (and why they make such a big difference)

OpenNumismat is coin collecting software

CVE-2025-52808 – RealtyElite PHP RFI Vulnerability

Populate is a Supercharged Seeder for Laravel

CVE-2025-5985 – Code-projects School Fees Payment System Remote Authentication Bypass Vulnerability

Tableau UI automation

CVE-2025-23178 – Apache HTTP Server SSL/TLS Channel Hijacking Vulnerability

VS klaagt verdachte aan voor ransomware-aanvallen tegen Exchange-servers

CVE-2025-34061 – PHPStudy Unauthenticated Remote Code Execution Backdoor

Related Posts