CVE-2023-53888

UNKNOWN 0.0

Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

CVSS Score

0.0

EPSS Score

0.9%

EPSS Percentile

75th

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.

CWE	CWE-94
Vendor	zomplog
Product	zomplog
Published	Dec 15, 2025
Last Updated	May 25, 2026

Stay Ahead of the Next One

Get instant alerts for zomplog zomplog

Be the first to know when new unknown vulnerabilities affecting zomplog zomplog are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Zomplog / Zomplog

3.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51624 web.archive.org: https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/ vulncheck.com: https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation

Credits

Mirabbas Ağalarov