CVE-2023-53888

Sažetak

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

Reference

https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
https://www.exploit-db.com/exploits/51624
https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation
https://www.exploit-db.com/exploits/51624

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-12-2025 - 18:11

Objavljeno

15-12-2025 - 21:15