CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
coppermine-gallerycoppermine_photo_gallery
1.6.25
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/
https://www.exploit-db.com/exploits/51738
https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload
https://www.exploit-db.com/exploits/51738