2023-07-26 18:46
CHT Security SOC Discovered Vulnerability in an Online Art Gallery Platform
Summary
Vulnerability List
[CVE-2023-37152] – Arbitrary File Upload Causes RCE
Details
1. Arbitrary File Upload Causes RCE
Description
An online art gallery platform allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page.
Impact
Attackers with admin permission could upload files arbitrarily under the "Slider Content" item on this page. Uploading a malicious PHP file allows the attacker to perform arbitrary operations on the remote machine.
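For comparison, a hardened handler for an image upload of this kind, written as an added example and not taken from the affected platform or from the advisory. The session key `admin_id`, the form field `slider_image` and the storage path are assumptions made for illustration.

```php
<?php
// Added example: hardened slider-image upload handler (not the platform's own code).
// Assumed names: session key 'admin_id', form field 'slider_image', UPLOAD_DIR path.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = '/var/www/gallery-uploads/slider'; // assumed path, outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                   // 2 MiB ceiling for a slider image
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function reject(int $code, string $msg): void
{
    http_response_code($code);
    exit($msg);
}

// 1. Require an authenticated admin session before the upload is looked at.
if (empty($_SESSION['admin_id'])) {
    reject(403, 'Authentication required');
}

// 2. Accept only a complete, size-bounded file that PHP itself received via HTTP POST.
$file = $_FILES['slider_image'] ?? null;
if (!is_array($file) || $file['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
    reject(400, 'Invalid upload');
}

// 3. Derive the type from the file content, never from the client-supplied
//    file name or Content-Type header, and confirm it parses as an image.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!is_string($mime) || !array_key_exists($mime, ALLOWED)
    || getimagesize($file['tmp_name']) === false) {
    reject(415, 'Only JPEG, PNG or GIF images are accepted');
}

// 4. Store under a server-generated name with an allowlisted extension,
//    so no user-controlled name or .php suffix ever reaches the disk.
$target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
if (!move_uploaded_file($file['tmp_name'], $target)) {
    reject(500, 'Could not store file');
}
chmod($target, 0640);
echo 'Stored as ' . basename($target);
```

Because a valid image can still carry embedded PHP, the storage directory should also be one where the web server never invokes the PHP interpreter.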
Known Affected Software
- Version 1.0
Credits
- Noflag (CHT Security)