Cyber Resilience

CVE-2023-53888

High · Public PoC · RCE · Updated

Published: 15 December 2025
Modified: 26 May 2026
KEV Added: not listed
Patch: none referenced

CVSS v4 score: 8.6 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0086 (75.5th percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-53888 is a high-severity Code Injection (CWE-94) vulnerability in Zomp Zomplog. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2023-53888 is a remote code execution vulnerability affecting Zomplog 3.9, a blogging application. The flaw, classified under CWE-94 (Code Injection), enables authenticated attackers to inject and execute arbitrary PHP code via file manipulation endpoints. Specifically, attackers exploit the saveE and rename actions to upload malicious JavaScript files, rename them with .php extensions, and execute system commands.

Authenticated attackers with low privileges (PR:L) can exploit this vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS 3.1 score of 8.8. Successful exploitation allows full remote code execution on the server, potentially leading to complete system compromise.

Advisories, including one from VulnCheck, describe the issue as remote code execution via authenticated file manipulation. A proof-of-concept exploit is publicly available on Exploit-DB (ID 51624). An archived reference to the Zomplog project dates back to 2008, indicating that it is legacy software; none of the provided references mention a patch.

Vulnerability details

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.

CWE(s)

CWE-94 (Code Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability is a remote code execution in a public-facing web blogging application via authenticated file upload and rename to PHP for arbitrary code execution, directly enabling T1190 (Exploit Public-Facing Application) and facilitating web shell deployment and execution (T1100).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-57487 (shared CWE-94)
CVE-2025-70995 (shared CWE-94)
CVE-2026-32367 (shared CWE-94)
CVE-2026-3352 (shared CWE-94)
CVE-2026-30117 (shared CWE-94)
CVE-2026-45708 (shared CWE-94)
CVE-2024-50660 (shared CWE-94)
CVE-2026-26699 (shared CWE-94)
CVE-2025-70073 (shared CWE-94)
CVE-2024-13890 (shared CWE-94)

Affected Assets

Vendor: zomp
Product: zomplog
Version: 3.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces authorization checks on the saveE and rename actions so that authenticated users cannot upload or rename files to achieve PHP code execution.

Prevent: Restricts which authenticated accounts are permitted to perform file-manipulation changes that lead to arbitrary PHP payloads.

Prevent: Validates file names, extensions, and content before allowing rename or save operations that convert JavaScript uploads into executable PHP.
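The third control above describes the server-side check that closes the upload-then-rename path: the target name, its extension and the file content are validated before a save or rename is performed. The following is an added example of that check and is not Zomplog code; the function names, the extension allowlist and the sample requests are assumptions constructed for illustration. It uses an allowlist of extensions rather than a denylist, so .php, .phtml, .phar and dot-files are all rejected without having to enumerate them, and it additionally rejects content carrying a PHP open tag whatever the file is named.

```python
"""
Illustrative server-side guard for a web application's file "save" and
"rename" actions (added example, not Zomplog code). The function names,
the extension allowlist and the sample requests are assumptions.
"""
import re
from pathlib import PurePosixPath
from typing import Optional

# Extensions the file manager legitimately needs (assumed for this example).
# Allowlisting beats denylisting: .php, .phtml, .phar, .htaccess and so on
# are rejected without having to enumerate every executable or config suffix.
ALLOWED_EXTENSIONS = frozenset({".txt", ".css", ".js", ".png", ".jpg", ".gif"})

# One plain path component: alphanumerics, dash, underscore and at most one
# extension. Rejects separators, "..", leading dots and double extensions.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?$")

# Byte markers that identify server-side PHP code regardless of file name.
_PHP_MARKERS = (b"<?php", b"<?=")


def check_filename(name: str) -> Optional[str]:
    """Return None if the name is acceptable, otherwise a rejection reason."""
    if not _SAFE_NAME.fullmatch(name):
        return "name is not a single safe path component"
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return f"extension {ext or '(none)'} is not allowlisted"
    return None


def check_content(content: bytes) -> Optional[str]:
    """Reject content that carries a PHP open tag, whatever the extension."""
    lowered = content.lower()
    for marker in _PHP_MARKERS:
        if marker in lowered:
            return "content contains a PHP open tag"
    return None


def validate_save(name: str, content: bytes) -> Optional[str]:
    """Guard for a save/upload action: both name and content must pass."""
    return check_filename(name) or check_content(content)


def validate_rename(old_name: str, new_name: str) -> Optional[str]:
    """Guard for a rename action: source and destination must both be safe."""
    reason = check_filename(old_name)
    if reason:
        return "source: " + reason
    reason = check_filename(new_name)
    if reason:
        return "destination: " + reason
    return None


# Constructed sample requests (not real traffic) covering the cases that matter:
# rename to a script extension, double extension, traversal, and PHP content
# hidden in a file with a benign extension.
SAMPLE_REQUESTS = [
    ("rename", "notes.js", "notes.php"),
    ("rename", "notes.js", "archive.js"),
    ("rename", "notes.js", "notes.php.js"),
    ("rename", "style.css", "../config.css"),
    ("save", "theme.js", b"document.title = 'hello';"),
    ("save", "theme.js", b"<?php echo 'not javascript'; ?>"),
]


def review_requests(requests=SAMPLE_REQUESTS):
    """Apply the guards to each request; returns [(request, reason_or_None)]."""
    results = []
    for action, *args in requests:
        if action == "rename":
            reason = validate_rename(*args)
        else:
            reason = validate_save(*args)
        results.append(((action, *args), reason))
    return results


if __name__ == "__main__":
    for request, reason in review_requests():
        verdict = "ALLOW" if reason is None else f"DENY ({reason})"
        print(f"{request[0]:6} {request[1]!r} -> {request[2]!r}: {verdict}")
```

Of the six constructed requests only two are allowed: the rename between two allowlisted names and the save of genuine JavaScript. The guard belongs in the server-side handler for both actions; a check on save alone is insufficient because the rename action would still convert an accepted file into a script.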

References