CVE-2023-53888
8.8 HIGH
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code t...
Published: 2025-12-15 · Last updated: 2025-12-24
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-94
Affected products
| Vendor | Product |
|---|---|
| zomp | zomplog |
Description
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-53888)
- [Other](https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/)
- [Exploit reference](https://www.exploit-db.com/exploits/51624)
- [Exploit reference](https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation)
Related CVEs
Same CWE
- CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
- CVE-2026-49774 — Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
- CVE-2026-48017 — DbGate is cross-platform database manager (8.8 HIGH)
- CVE-2026-48836 — Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
- CVE-2026-48124 — Cursor is a code editor built for programming with AI