QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53868

Published: Dec 15, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

Vendor	Product	Versions
Coppermine	coppermine-gallery	affected `1.6.25`

Weaknesses (CWE)

References

ExploitDB-51738

exploit

Coppermine Gallery Archived Product Webpage

product

https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.