Vulnerability Details CVE-2023-53888
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 8.8
References