CVE-2023-44267: Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Thu Oct 26 2023(Updated: )
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Online Art Gallery | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-44267?
CVE-2023-44267 is a vulnerability that allows multiple unauthenticated SQL injections in Online Art Gallery v1.0.
How does CVE-2023-44267 impact Online Art Gallery v1.0?
CVE-2023-44267 allows attackers to perform SQL injections by manipulating the 'lnm' parameter in the header.php resource of Online Art Gallery v1.0.
What is the severity of CVE-2023-44267?
CVE-2023-44267 has a severity rating of 9.8 (Critical).
How can I fix CVE-2023-44267 vulnerability in Online Art Gallery v1.0?
To fix CVE-2023-44267, it is recommended to implement proper input validation and parameterized queries to prevent SQL injections in the 'lnm' parameter of the header.php resource.
Are there any references for CVE-2023-44267?
Yes, you can find more information about CVE-2023-44267 in the following references: https://https://projectworlds.in/ and https://fluidattacks.com/advisories/ono
- collector/nvd-api
- agent/references
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/projectworlds
- canonical/projectworlds online art gallery
- version/projectworlds online art gallery/1.0