CVE-2023-53888

Sažetak

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

Reference

https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
https://www.exploit-db.com/exploits/51624
https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation
https://www.exploit-db.com/exploits/51624

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-12-2025 - 14:10

Objavljeno

15-12-2025 - 21:15