CVE-2023-53888

UNKNOWN 0.0

Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.

CWE	CWE-94
Vendor	zomplog
Product	zomplog
Published	Dec 15, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for zomplog zomplog

Be the first to know when new unknown vulnerabilities affecting zomplog zomplog are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Zomplog / Zomplog

3.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51624 web.archive.org: https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/ vulncheck.com: https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation

Credits

Mirabbas Ağalarov