Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Apr 7, 2026
PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint
CVE-2023-53895
Description
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/51593mitreexploit
- www.vulncheck.com/advisories/pimpmylog-improper-access-control-via-account-creation-endpointmitrethird-party-advisory
- www.pimpmylog.commitreproduct
News mentions
0No linked articles in our index yet.