CVE-2023-53888
Published: 15 December 2025
Summary
CVE-2023-53888 is a high-severity Code Injection (CWE-94) vulnerability in Zomp Zomplog. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2023-53888 is a remote code execution vulnerability affecting Zomplog 3.9, a blogging application. The flaw, classified under CWE-94 (Code Injection), enables authenticated attackers to inject and execute arbitrary PHP code via file manipulation endpoints. Specifically, attackers exploit the saveE and rename actions to upload malicious JavaScript files, rename them with .php extensions, and execute system commands.
Authenticated attackers with low privileges (PR:L) can exploit this vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS 3.1 score of 8.8. Successful exploitation allows full remote code execution on the server, potentially leading to complete system compromise.
Advisories, including one from Vulncheck, describe the issue as remote code execution via authenticated file manipulation. Proof-of-concept exploits are publicly available on Exploit-DB (ID 51624). An archived reference to the Zomplog project dates back to 2008, indicating it is legacy software with no mentioned patches in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-203421
Vulnerability details
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename…
more
actions, then execute the resulting PHP payload to run system commands.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote code execution in a public-facing web blogging application via authenticated file upload and rename to PHP for arbitrary code execution, directly enabling T1190 (Exploit Public-Facing Application) and facilitating web shell deployment and execution (T1100).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces authorization checks on the saveE and rename actions so that authenticated users cannot upload or rename files to achieve PHP code execution.
Restricts which authenticated accounts are permitted to perform file-manipulation changes that lead to arbitrary PHP payloads.
Validates file names, extensions, and content before allowing rename or save operations that convert JavaScript uploads into executable PHP.