PT-2025-51286 · Unknown · Coppermine-Gallery

Mirabbas Ağalarov · Published 2025-12-15 · Updated 2025-12-21 · CVE-2023-53868

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Coppermine Gallery version 1.6.25

Description

Coppermine Gallery version 1.6.25 has a remote code execution issue. Authenticated attackers can upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file containing system commands to the plugin directory and then execute arbitrary code by accessing the uploaded plugin script. The vulnerability affects systems where an authenticated user has the ability to manage plugins.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the plugin manager functionality to prevent unauthorized file uploads.
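
The sequence in the description (a plugin-manager upload followed by a request for the newly placed script) can be hunted for in web access logs. The following is an added example, not code from the advisory or from Coppermine. The endpoint and directory names are placeholders because the advisory does not name them, the log lines are constructed, and the combined log format and 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Placeholders (assumptions): substitute the real plugin manager URL and plugin directory.
PLUGIN_MANAGER = "/PLUGIN_MANAGER_ENDPOINT"
PLUGIN_DIR = "/PLUGIN_DIR/"
WINDOW = timedelta(minutes=10)  # assumed correlation window

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample input in combined log format (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Dec/2025:10:00:00 +0000] "GET /PLUGIN_DIR/known/index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Dec/2025:10:01:00 +0000] "POST /PLUGIN_MANAGER_ENDPOINT HTTP/1.1" 302 0',
    '203.0.113.5 - - [15/Dec/2025:10:01:30 +0000] "GET /PLUGIN_DIR/newplugin/script.php?id=1 HTTP/1.1" 200 87',
    '203.0.113.5 - - [15/Dec/2025:10:02:00 +0000] "GET /PLUGIN_DIR/known/index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Dec/2025:11:30:00 +0000] "GET /PLUGIN_DIR/other/late.php HTTP/1.1" 200 10',
]

def find_upload_then_execute(lines):
    """Return (client_ip, script_path) pairs where a successful plugin-manager POST
    is followed within WINDOW by the first request seen for a PHP script in PLUGIN_DIR."""
    last_upload = {}      # client ip -> time of last successful plugin-manager POST
    seen_scripts = set()  # plugin scripts already requested earlier in the log
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] == "POST" and path == PLUGIN_MANAGER and int(m["status"]) < 400:
            last_upload[m["ip"]] = ts
        elif path.startswith(PLUGIN_DIR) and path.lower().endswith(".php"):
            first_seen = path not in seen_scripts
            seen_scripts.add(path)
            uploaded_at = last_upload.get(m["ip"])
            if first_seen and uploaded_at is not None and ts - uploaded_at <= WINDOW:
                hits.append((m["ip"], path))
    return hits

if __name__ == "__main__":
    for ip, script in find_upload_then_execute(SAMPLE_LOG):
        print(f"review: {ip} requested new plugin script {script} after an upload")
```

A hit is a lead for review rather than proof of compromise, since legitimate plugin installs produce the same upload request.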

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-53868

Affected Products

Coppermine-Gallery