Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/ono | Exploit Third Party Advisory |
https://https://projectworlds.in/ | Broken Link |
Configurations
History
03 Nov 2023, 19:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Projectworlds
Projectworlds online Art Gallery |
|
CPE | cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:* | |
References | (MISC) https://https://projectworlds.in/ - Broken Link | |
References | (MISC) https://fluidattacks.com/advisories/ono - Exploit, Third Party Advisory |
26 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. |
26 Oct 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-26 20:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-44267
Mitre link : CVE-2023-44267
CVE.ORG link : CVE-2023-44267
JSON object : View
Products Affected
projectworlds
- online_art_gallery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')