CVE-2023-53868
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-18
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | 1.6.25 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery version 1.6.25. It allows authenticated attackers to upload malicious PHP files through the plugin manager by uploading a zipped PHP file containing system commands to the plugin directory. Once uploaded, the attacker can execute arbitrary code on the server by accessing the malicious plugin script, leading to full remote code execution. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to an attacker executing arbitrary code on your server remotely if they have an authenticated account. This means the attacker could potentially take full control of the server hosting Coppermine Gallery, access sensitive data, modify or delete files, and disrupt services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized or suspicious PHP files uploaded in the plugins directory of Coppermine Gallery, especially ZIP archives uploaded via the plugin manager interface (`pluginmgr.php?op=upload`). You can look for recently added PHP files in the plugins directory. For example, on a Linux server, you can run commands like:

1. `find /path/to/coppermine/plugins/ -name '*.php' -mtime -7` to find PHP files modified or created in the last 7 days.
2. Check web server logs for accesses to plugin upload endpoints or unusual requests to plugin PHP files.
3. Use grep to search for suspicious PHP code patterns in the plugins directory, e.g., `grep -r '<?php' /path/to/coppermine/plugins/`.

These steps help identify if malicious PHP files have been uploaded and accessed. [2]
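The web server log check suggested above, written out as an added shell example (not part of the original page or of Coppermine): it flags POSTs to `pluginmgr.php?op=upload` and direct requests for `.php` files under a `plugins/` directory, marking those that come from a client that uploaded earlier in the same log. It assumes the Apache/nginx combined log format and that uploads arrive as POST requests; the function names, the `/cpg/` path and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumes the Apache/nginx "combined"
# log format split on whitespace: field 1 client IP, field 4 timestamp,
# field 6 method, field 7 request URI, field 9 status.
# Function names are hypothetical.

scan_plugin_activity() {    # usage: scan_plugin_activity ACCESS_LOG
  awk '
    { method = $6; sub(/^"/, "", method); ts = substr($4, 2) }

    # POST to the plugin manager upload endpoint named in the advisory
    method == "POST" && $7 ~ "pluginmgr[.]php[?](.*&)?op=upload" {
      uploader[$1] = 1
      print "UPLOAD", $1, ts, $7, $9
      next
    }

    # Direct request for a .php file below a plugins/ directory
    $7 ~ "/plugins/[^/?]+/[^?]*[.]php([?]|$)" {
      tag = ($1 in uploader) ? "PLUGIN_PHP_AFTER_UPLOAD" : "PLUGIN_PHP"
      print tag, $1, ts, $7, $9
    }
  ' "$1"
}

write_sample_log() {        # constructed sample lines, not real traffic
  cat > "$1" <<'EOF'
198.51.100.20 - - [16/Dec/2025:09:58:40 +0000] "GET /cpg/index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Dec/2025:10:02:11 +0000] "POST /cpg/pluginmgr.php?op=upload HTTP/1.1" 302 512 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Dec/2025:10:02:30 +0000] "GET /cpg/plugins/example/example.php HTTP/1.1" 200 41 "-" "curl/8.5.0"
198.51.100.20 - - [16/Dec/2025:10:05:02 +0000] "GET /cpg/plugins/example/logo.png HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [16/Dec/2025:10:06:45 +0000] "GET /cpg/plugins/other/codebase.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
EOF
}

# Scan a real log when one is given on the command line.
if [ "$#" -gt 0 ]; then
  scan_plugin_activity "$1"
fi
```

A `PLUGIN_PHP_AFTER_UPLOAD` line is a lead for review rather than proof of compromise; compare the named file against the output of the `find` command above.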
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Restrict or disable the plugin upload functionality in Coppermine Gallery until a patch or update is applied.
2. Remove any suspicious or unauthorized PHP files from the plugins directory.
3. Ensure that only trusted and authenticated users have access to the plugin manager.
4. Apply any available security patches or upgrade Coppermine Gallery to a version that fixes this vulnerability.
5. Monitor server logs for suspicious activity related to plugin uploads or execution.
6. Consider implementing web application firewall (WAF) rules to block malicious upload attempts.

[1, 2]