exploitDog

CVE-2023-53888

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

Ссылки

https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
Product
https://www.exploit-db.com/exploits/51624
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/51624
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zomp:zomplog:3.9:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00601

Низкий

8.8 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-9g2h-fh68-3p2v

CVSS3: 8.8

github

около 2 месяцев назад

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

EPSS

Процентиль: 69%

0.00601

Низкий

8.8 High

CVSS3

Дефекты

CWE-94