PT-2025-51306 · Zomplog · Zomplog

Mirabbas Ağalarov · Published 2025-12-15 · Updated 2025-12-24 · CVE-2023-53888

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zomplog version 3.9

Description: An authenticated attacker can inject and execute arbitrary PHP code through file manipulation endpoints. This is achieved by uploading malicious JavaScript files, renaming them to PHP, and then executing system commands via the saveE and rename actions within the application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2023-53888

Affected Products: Zomplog