CVE-2023-37152: Online Art gallery project 1.0 – Arbitrary File Upload (Unauthenticated)

Affected Product

Online Art gallery project

Affected version

1.0

CVE ID

CVE-2023-37152

Vulnerability Type

Arbitrary File Upload (Unauthenticated)

Type

WEBAPPS

Description

Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Due to the absence of an authentication mechanism and inadequate file validation, attackers can upload malicious files, potentially leading to remote code execution and unauthorized access to the server.

Proof of Concept

To exploit this vulnerability, an attacker needs to do the following:

1. Identify the URL of the target application where the Online Art gallery project is installed. For example, http://example.com
2. Use the below exploit to upload a simple backdoor to the server:

python 51524.py http://example.com

After successful upload, check the following URL: http://example.com/images/Slidersimple-backdoor.php?c=whoami

References

EDB-ID

• 51524

Exploit

• https://www.exploit-db.com/exploits/51524

Vendor Homepage

• https://github.com/projectworldsofficial

Software Link

• https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip