Description

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

PUBLISHED Reserved 2025-12-15 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




HIGH: 7.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

Improper Control of Generation of Code ('Code Injection')

Product status

3.9: affected

Credits

Mirabbas Ağalarov (finder)

References

www.exploit-db.com/exploits/51624 (ExploitDB-51624) exploit

web.archive.org/web/20080616153330/http://zomp.nl/zomplog/ (Zomplog Archived Product Webpage) product

www.vulncheck.com/...ion-via-authenticated-file-manipulation (VulnCheck Advisory: Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation) third-party-advisory

cve.org (CVE-2023-53888)

nvd.nist.gov (CVE-2023-53888)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.