CVE-2023-53895

Source
https://cve.org/CVERecord?id=CVE-2023-53895
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53895.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53895
Published
2025-12-16T17:06:14.418Z
Modified
2026-07-08T06:47:34.260115174Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint
Details

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53895.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-285"
    ]
}
References

Affected packages

Git / github.com/potsky/pimpmylog

Affected ranges

Type
GIT
Repo
https://github.com/potsky/pimpmylog
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "cpe": "cpe:2.3:a:potsky:pimp_my_log:1.7.14:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.7.14"
        },
        {
            "last_affected": "1.7.14"
        }
    ]
}

Affected versions

1.*
1.7.14
v1.*
v1.7.14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53895.json"