Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Coppermine Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53868)

Description

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

Remediation

References

Related Vulnerabilities

WordPress Plugin Pro Quoter Multiple Cross-Site Scripting Vulnerabilities (1.0)

ReviveAdserver Incorrect Authorization Vulnerability (CVE-2020-8142)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1999046)

OpenSSL Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2008-0166)

WordPress Plugin Easy Testimonial Slider Unspecified Vulnerability (1.0.2)

Severity

High

Classification

CVE-2023-53868 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities