Vulnerability Description
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Art Gallery Project | Online Art Gallery | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Onli (Exploit, Third Party Advisory)
- https://www.chtsecurity.com/news/ad3cee07-3e35-45c0-97f9-811cce13dda9
- https://www.chtsecurity.com/news/afe25fb4-55ac-45d9-9ece-cbc1edda2fb2%20
- https://www.exploit-db.com/exploits/51524 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2023-37152?
CVE-2023-37152 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
How severe is CVE-2023-37152?
CVE-2023-37152 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-37152?
Check the references section above for vendor advisories and patch information. Affected products include: Online Art Gallery 1.0 (vendor: Online Art Gallery Project).