exploitDog

CVE-2023-53868

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

Ссылки

https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/
Product
https://www.exploit-db.com/exploits/51738
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload
Third Party Advisory
https://www.exploit-db.com/exploits/51738
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coppermine-gallery:coppermine_photo_gallery:1.6.25:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.0042

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-89cc-v8rr-9h8w

CVSS3: 8.8

github

около 2 месяцев назад

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

EPSS

Процентиль: 61%

0.0042

Низкий

8.8 High

CVSS3

Дефекты

CWE-434