CVE-2023-53888
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-12-15

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53888
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
zomp zomplog 3.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Zomplog 3.9 allows authenticated attackers to remotely execute arbitrary PHP code by exploiting file manipulation endpoints. Attackers can upload malicious JavaScript files containing embedded PHP code, rename these files to have a .php extension, and then execute system commands through the application’s saveE and rename actions. This occurs due to improper handling and validation of file uploads, enabling code injection and remote code execution. [1, 2]

Impact Analysis

The vulnerability can lead to remote code execution on the server hosting Zomplog 3.9, allowing attackers to run arbitrary system commands. This can compromise the server’s integrity, confidentiality, and availability, potentially leading to data theft, unauthorized access, system manipulation, or complete takeover of the affected system. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious file uploads and renaming actions on the Zomplog application, specifically looking for POST requests to 'zimplit.php?action=saveE' with JavaScript files containing embedded PHP code, and GET requests to 'zimplit.php?action=rename' that rename JavaScript files to PHP files. Commands to detect this could include inspecting web server logs for these specific requests or using tools like curl or wget to simulate these requests and check for unauthorized file manipulations. For example, you can grep your web server logs for 'zimplit.php?action=saveE' and 'zimplit.php?action=rename' to identify potential exploit attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting authenticated user permissions to prevent unauthorized file uploads and renaming, applying input validation and sanitization on file upload endpoints to block malicious payloads, and updating or patching Zomplog to a version that addresses this vulnerability if available. Additionally, monitoring and blocking suspicious requests to 'saveE' and 'rename' actions can help reduce exploitation risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53888. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart