Lucene search

[email protected]NVD:CVE-2023-37152

HistoryJul 10, 2023 - 4:15 p.m.

CVE-2023-37152

2023-07-1016:15:53

CWE-434

[email protected]

web.nvd.nist.gov

online art gallery

unauthenticated users

file uploads

admin page

disputed vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.

Affected configurations

NVD

Node

online_art_gallery_projectonline_art_galleryMatch1.0

References

github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md

www.chtsecurity.com/news/ad3cee07-3e35-45c0-97f9-811cce13dda9

www.chtsecurity.com/news/afe25fb4-55ac-45d9-9ece-cbc1edda2fb2%20

www.exploit-db.com/exploits/51524

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for NVD:CVE-2023-37152

cve1 cvelist1 prion1