CVE-2023-44375: Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Fri Oct 27 2023(Updated: )
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Online Art Gallery | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-44375.
What is the severity of CVE-2023-44375?
The severity of CVE-2023-44375 is critical with a CVSS score of 9.8.
How does Online Art Gallery v1.0 become vulnerable?
Online Art Gallery v1.0 becomes vulnerable due to multiple unauthenticated SQL injection vulnerabilities.
Which parameter is vulnerable in Online Art Gallery v1.0?
The 'add1' parameter of the header.php resource in Online Art Gallery v1.0 is vulnerable to SQL injection.
Are there any fix or patch available for this vulnerability?
It is recommended to apply the latest patch or update provided by the vendor to fix the multiple unauthenticated SQL injection vulnerabilities in Online Art Gallery v1.0.
- collector/nvd-api
- collector/mitre-cve
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/status
- agent/tags
- vendor/projectworlds
- canonical/projectworlds online art gallery
- version/projectworlds online art gallery/1.0
- status/rejected