QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34061

Published: Jul 3, 2025

Modified: Jul 7, 2025

PUBLISHED

Description

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Vendor	Product	Versions
Henan Xiaopi Security Technology Co., Ltd.	PHPStudy	affected `2016 - <= 2018`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rb

exploit

https://www.xp.cn/phpstudy

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.