Vulnerability Details : CVE-2023-37152
Potential exploit
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.
Products affected by CVE-2023-37152
- cpe:2.3:a:online_art_gallery_project:online_art_gallery:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37152
- EPSS score: 0.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 60 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-37152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-37152
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-37152
- https://www.exploit-db.com/exploits/51524
  Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) - PHP webapps Exploit (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md
  arbitrary-file-upload-RCE/Online Art gallery project 1.0.md at main · Trinity-SYT-SECURITY/arbitrary-file-upload-RCE · GitHub (Exploit; Third Party Advisory)
- https://www.chtsecurity.com/news/ad3cee07-3e35-45c0-97f9-811cce13dda9
  CHT Security SOC Discovered Vulnerability in an Online Art Gallery Platform | CHT Security Co., Ltd.
- https://www.chtsecurity.com/news/afe25fb4-55ac-45d9-9ece-cbc1edda2fb2%20
  CHT Security Discovers CVE Weakness: An Overseas Open-Source Gallery Platform Has a Vulnerability | CHT Security Co., Ltd.