Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
References
| Link | Resource |
|---|---|
| https://fluidattacks.com/advisories/ono | Exploit Third Party Advisory |
| https://https://projectworlds.in/ | Broken Link |
| https://fluidattacks.com/advisories/ono | Exploit Third Party Advisory |
| https://https://projectworlds.in/ | Broken Link |
Configurations
History
21 Nov 2024, 08:25
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fluidattacks.com/advisories/ono - Exploit, Third Party Advisory | |
| References | () https://https://projectworlds.in/ - Broken Link |
03 Nov 2023, 19:50
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Projectworlds
Projectworlds online Art Gallery |
|
| CPE | cpe:2.3:a:projectworlds:online_art_gallery:1.0:*:*:*:*:*:*:* | |
| References | (MISC) https://https://projectworlds.in/ - Broken Link | |
| References | (MISC) https://fluidattacks.com/advisories/ono - Exploit, Third Party Advisory |
26 Oct 2023, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. |
26 Oct 2023, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-26 20:15
Updated : 2024-11-21 08:25
NVD link : CVE-2023-44267
Mitre link : CVE-2023-44267
CVE.ORG link : CVE-2023-44267
JSON object : View
Products Affected
projectworlds
- online_art_gallery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')