CVE-2023-53868

Published: Dec 15, 2025Modified: Dec 18, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.

Affected (1)

Products: Coppermine Gallery: Coppermine Photo Gallery

Coppermine Gallery

1 product

Coppermine Photo Gallery

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Coppermine Gallery Coppermine Photo Gallery	Version 1.6.25

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/51738

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.exploit-db.com/exploits/51738

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.