Description

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.

INFO

Published Date :

2025-12-16T17:06:14.418Z

Last Modified :

2026-04-07T14:07:19.416Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53895 vulnerability.

Vendors Products
Pimpmylog
  • Pimpmylog
Potsky
  • Pimp My Log
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53895.

URL Resource
https://github.com/potsky/PimpMyLog cve-icon cve-icon
https://www.exploit-db.com/exploits/51593 cve-icon cve-icon
https://www.pimpmylog.com/ cve-icon cve-icon
https://www.vulncheck.com/advisories/pimpmylog-improper-access-control-via-account-creation-endpoint cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact