216.73.216.67

CVE-2023-53888

· Published 15/12/2025 21:15 · Modified 16/12/2025 14:10

Labels: CVE-2023-53888 2025-12-15CVE-2023-53888[email protected]

Essential information

Published
15/12/2025 21:15
Modified
16/12/2025 14:10
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

References