PT-2023-25810 · Unknown · Projectworlds Online Art Gallery Project

Noflag

Publicado

2023-07-10

Atualizado

2024-08-02

CVE-2023-37152

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Projectworlds Online Art Gallery Project version 1.0

Description The issue allows unauthenticated users to perform arbitrary file uploads via the "adminHome.php" page. However, it is noted that the validity of this issue has been disputed.

Recommendations For Projectworlds Online Art Gallery Project version 1.0, as a temporary workaround, consider restricting access to the "adminHome.php" page to prevent arbitrary file uploads until the dispute is resolved or a patch is available.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-37152

Produtos afetados

Projectworlds Online Art Gallery Project

PT-2023-25810 · Unknown · Projectworlds Online Art Gallery Project

CVE-2023-37152

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7