CHT Security SOC Discovered Vulnerability in an Online Art Gallery Platform

Summary

Vulnerability List

[CVE-2023-37152] – Arbitrary File Upload Leading to RCE



Details

1. Arbitrary File Upload Leading to RCE

Description

An online art gallery platform allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page.

Impact

Attackers with admin permission could upload arbitrary files under the "Slider Content" item on this page. Uploading a malicious PHP file allows arbitrary operations on the remote machine.
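
One way to handle such an upload safely, as an added example that is not the platform's own code: it checks the session, decides the file type from the file's bytes, and stores the file under a server-generated name. It assumes the slider only needs JPEG, PNG or GIF images; the session key `is_admin`, the form field `slider_image` and the storage path are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example, not the platform's code. Hypothetical names: the session key
// 'is_admin', the form field 'slider_image' and the storage path below.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024;
const UPLOAD_DIR = '/var/www/gallery-data/slider'; // assumed to lie outside the web root

function store_slider_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Decide the type from the file's bytes, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // Server-generated name; the extension comes from the allowlist, so ".php" can never be stored.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

session_start();
if (empty($_SESSION['is_admin'])) { // reject requests without an authenticated admin session
    http_response_code(403);
    exit('Forbidden');
}
try {
    $stored = store_slider_image($_FILES['slider_image'] ?? [], UPLOAD_DIR);
    echo 'Stored as ' . htmlspecialchars($stored);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage());
}
```

If the storage directory has to be served by the web server, PHP execution should also be disabled for that directory in the server configuration.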

Known Affected Software

  • Version 1.0

Credits

  • Noflag (CHT Security)