QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53888

Published: Dec 15, 2025

Modified: May 25, 2026

PUBLISHED

Description

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.

Vendor	Product	Versions
Zomplog	Zomplog	affected `3.9`

Weaknesses (CWE)

References

ExploitDB-51624

exploit

Zomplog Archived Product Webpage

product

VulnCheck Advisory: Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.