CNNVD-202512-2629 Information

CNNVD ID

CNNVD-202512-2629

Related CVE

CVE-2023-53888

• CNNVD Published: 2025-12-15

Description (Chinese)

Zomplog是Zomplog开源的一个Web日志系统。 Zomplog 3.9版本存在安全漏洞，该漏洞源于允许经过身份验证的攻击者通过文件操作端点注入和执行任意PHP代码，可能导致远程代码执行。

Description (English)

Zomplog is a Web log system open to Zomplog. There is a security loophole in version Zomplog 3.9, which stems from allowing an identified assailant to inject and enforce any PHP code through the endpoint of the document operation, which may result in remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Zomplog

Published

2025-12-15

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51624 http://zomp.nl/zomplog/ https://web.archive.org/web/20080616153330/ https://www.vulncheck.com/advisories/zomplog-remote-code-execution-via-authenticated-file-manipulation https://access.redhat.com/security/cve/cve-2023-53888