PT-2023-25810 · Unknown · Projectworlds Online Art Gallery Project
Noflag
·
Published
2023-07-10
·
Updated
2024-08-02
·
CVE-2023-37152
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Projectworlds Online Art Gallery Project version 1.0
Description
The issue allows unauthenticated users to perform arbitrary file uploads via the "adminHome.php" page. However, it is noted that the validity of this issue has been disputed.
Recommendations
For Projectworlds Online Art Gallery Project version 1.0, as a temporary workaround, consider restricting access to the "adminHome.php" page to prevent arbitrary file uploads until the dispute is resolved or a patch is available.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Projectworlds Online Art Gallery Project