CVE-2023-53868
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53868
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coppermine-gallery coppermine_photo_gallery 1.6.25
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery version 1.6.25. It allows authenticated attackers to upload malicious PHP files through the plugin manager by uploading a zipped PHP file containing system commands to the plugin directory. Once uploaded, the attacker can execute arbitrary code on the server by accessing the malicious plugin script, leading to full remote code execution. [1, 2]

Impact Analysis

This vulnerability can lead to an attacker executing arbitrary code on your server remotely if they have an authenticated account. This means the attacker could potentially take full control of the server hosting Coppermine Gallery, access sensitive data, modify or delete files, and disrupt services. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for unauthorized or suspicious PHP files uploaded in the plugins directory of Coppermine Gallery, especially ZIP archives uploaded via the plugin manager interface (pluginmgr.php?op=upload). You can look for recently added PHP files in the plugins directory. For example, on a Linux server, you can run commands like: 1. `find /path/to/coppermine/plugins/ -name '*.php' -mtime -7` to find PHP files modified or created in the last 7 days. 2. Check web server logs for accesses to plugin upload endpoints or unusual requests to plugin PHP files. 3. Use grep to search for suspicious PHP code patterns in the plugins directory, e.g., `grep -r '<?php' /path/to/coppermine/plugins/`. These steps help identify if malicious PHP files have been uploaded and accessed. [2]

Mitigation Strategies

Immediate mitigation steps include: 1. Restrict or disable the plugin upload functionality in Coppermine Gallery until a patch or update is applied. 2. Remove any suspicious or unauthorized PHP files from the plugins directory. 3. Ensure that only trusted and authenticated users have access to the plugin manager. 4. Apply any available security patches or upgrade Coppermine Gallery to a version that fixes this vulnerability. 5. Monitor server logs for suspicious activity related to plugin uploads or execution. 6. Consider implementing web application firewall (WAF) rules to block malicious upload attempts. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53868. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart