← back
CVE-2025-34061

PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability

CVSS 9.3 CRITICALEPSS 1.2%CWE-94
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 1.2%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
20 Sep 2019Metasploit module available
03 Jul 2025Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Henan Xiaopi Security Technology Co., Ltd. · PHPStudy
public PoCs found1
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rbunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rbhttps://www.xp.cn/phpstudy