VYPR
Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Apr 7, 2026

phpfm 1.7.9 Authentication Bypass via Type Juggling Vulnerability

CVE-2023-53894

Description

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.