CVE-2023-44267

Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

CVSS 9.8 CRITICALEPSS 0.7%CWE-89

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Projectworlds Pvt. Limited · Online Art Gallery

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/ono https://https://projectworlds.in/