CVE-2023-53868

HighPublic PoC

Published: 15 December 2025

Published

15 December 2025

Modified

18 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0063 70.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code…

by accessing the uploaded plugin script.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the unrestricted upload of dangerous PHP files in ZIP archives by validating and sanitizing inputs to the plugin manager.

SI-3 Malicious Code Protection good match

preventdetect

Scans uploaded ZIP files and plugins for malicious PHP code containing system commands at web application entry points.

CM-11 User-installed Software good match

prevent

Prohibits or controls user-installed plugins via the plugin manager to block unauthorized uploads of malicious software components.

Security SummaryAI

CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery version 1.6.25. The flaw resides in the plugin manager component, which permits authenticated attackers to upload malicious PHP files packaged within zipped archives directly to the plugin directory.

Attackers require low-privilege authenticated access (PR:L) to exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By uploading a ZIP containing a PHP script with arbitrary system commands and then accessing the uploaded plugin script via the web interface, they can achieve remote code execution with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), as reflected in the CVSS v3.1 base score of 8.8. The issue stems from CWE-434 (Unrestricted Upload of File with Dangerous Type).

Advisories such as the VulnCheck report and public proof-of-concept exploits on Exploit-DB (ID 51738) detail the plugin upload mechanism enabling this RCE. The Coppermine Gallery website is preserved via web archive, with no patch details specified in the CVE information.

Details

CWE(s): CWE-434

Affected Products

coppermine-gallery

coppermine photo gallery

1.6.25

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

CVE enables exploitation of public-facing web application via unrestricted file upload (T1190), facilitating deployment and execution of web shells (T1100) for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51738
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload
Third Party Advisory · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51738
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0