Lucene search

[email protected]CVE-2023-37152

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-37152

2023-07-1016:15:53

CWE-434

[email protected]

web.nvd.nist.gov

projectworlds

online art gallery

file upload

security vulnerability

unauthenticated access

adminhome.php

cve-2023-37152

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.

Affected configurations

NVD

Node

online_art_gallery_projectonline_art_galleryMatch1.0

CPENameOperatorVersion
online_art_gallery_project:online_art_galleryonline art gallery project online art galleryeq1.0

CPE	Name	Operator	Version
online_art_gallery_project:online_art_gallery	online art gallery project online art gallery	eq	1.0

References

github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md

www.chtsecurity.com/news/ad3cee07-3e35-45c0-97f9-811cce13dda9

www.chtsecurity.com/news/afe25fb4-55ac-45d9-9ece-cbc1edda2fb2%20

www.exploit-db.com/exploits/51524

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2023-37152

cvelist1 nvd1 prion1