Vulnerability Details CVE-2023-53895
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-53895
-
cpe:2.3:a:potsky:pimp_my_log:1.7.14