{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53888","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-15T01:02:32.434Z","datePublished":"2025-12-15T20:28:22.684Z","dateUpdated":"2026-04-07T14:07:13.525Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:07:13.525Z"},"title":"Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation","descriptions":[{"lang":"en","value":"Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Control of Generation of Code ('Code Injection')","cweId":"CWE-94","type":"CWE"}]}],"affected":[{"vendor":"Zomplog","product":"Zomplog","versions":[{"version":"3.9","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":7.2,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/51624","name":"ExploitDB-51624","tags":["exploit"]},{"url":"https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/","name":"Zomplog Archived Product Webpage","tags":["product"]},{"name":"VulnCheck Advisory: Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation"}],"credits":[{"lang":"en","value":"Mirabbas Ağalarov","type":"finder"}],"x_generator":{"engine":"vulncheck"},"datePublic":"2023-07-28T00:00:00.000Z"},"adp":[{"references":[{"url":"https://www.exploit-db.com/exploits/51624","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-15T21:37:41.656853Z","id":"CVE-2023-53888","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-15T21:46:37.310Z"}}]}}