CVE-2025-34061 – PHPStudy Unauthenticated Remote Code Execution Backdoor

CVE ID : CVE-2025-34061

Published : July 3, 2025, 8:15 p.m. | 43 minutes ago

Description : A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…