{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1415","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-03-15T15:00:28.959Z","datePublished":"2023-03-15T15:00:56.548Z","dateUpdated":"2024-11-22T21:50:26.494Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-21T08:40:20.585Z"},"title":"Simple Art Gallery adminHome.php sliderPicSubmit unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"CWE-434 Unrestricted Upload"}]}],"affected":[{"vendor":"n/a","product":"Simple Art Gallery","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In Simple Art Gallery 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion sliderPicSubmit der Datei adminHome.php. Mit der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-03-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-03-15T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-03-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-04-08T09:57:14.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"0xxtoby (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.223126","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.223126","tags":["signature","permissions-required"]},{"url":"https://github.com/0xxtoby/Vuldb/blob/main/SIMPLE%20ART%20GALLERY%20system%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf","tags":["related"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:49:11.385Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.223126","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.223126","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/0xxtoby/Vuldb/blob/main/SIMPLE%20ART%20GALLERY%20system%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf","tags":["related","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-22T21:50:14.162889Z","id":"CVE-2023-1415","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-22T21:50:26.494Z"}}]}}