VYPR
Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Apr 7, 2026

PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint

CVE-2023-53895

Description

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.