{"id":"CVE-2023-53868","details":"Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script.","modified":"2026-03-14T12:23:26.832718Z","published":"2025-12-15T21:15:49.107Z","references":[{"type":"WEB","url":"https://web.archive.org/web/20240101151648/https://coppermine-gallery.net/"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/coppermine-gallery-remote-code-execution-via-plugin-upload"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/51738"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/coppermine-gallery/cpg1.6.x","events":[{"introduced":"0"},{"last_affected":"44f0dbfd85a5cea4bdbc4e1cbcf276079b12ad4f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.25"}]}}],"versions":["v1.6.04","v1.6.05","v1.6.06","v1.6.07","v1.6.08","v1.6.09","v1.6.10","v1.6.11","v1.6.12","v1.6.13","v1.6.14","v1.6.15","v1.6.16","v1.6.17","v1.6.18","v1.6.19","v1.6.20","v1.6.21","v1.6.22","v1.6.23","v1.6.24","v1.6.25"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53868.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}