CVE-2020-28687

8.8 HIGH

📋 TL;DR

This vulnerability lets a remote attacker who holds an ordinary user account upload arbitrary files through the edit profile functionality of ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0. Uploaded files are not validated, so the attacker can place a PHP web shell on the server and run commands as the web server user. Every installation of version 1.0 is affected.

💻 Affected Systems

Products:
  • ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL
Versions: 1.0
Operating Systems: Any OS running a PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0 regardless of configuration

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution as the web server user, leading to full compromise of the host, theft of the gallery database, defacement, and use of the server as a pivot for further attacks

🟠

Likely Case

Web shell upload leading to unauthorized access, file manipulation, and potential lateral movement

🟢

If Mitigated

Non-image uploads are rejected server-side and normal gallery functionality is preserved

🌐 Internet-Facing: HIGH - Reachable directly from the internet; the attacker only needs a regular user account on the gallery
🏢 Internal Only: MEDIUM - Exploitable in the same way, but only from inside the network

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: No - a valid user account is required, because edit profile is a post-login feature (consistent with the 8.8 score, which assumes low privileges rather than none)
Complexity: LOW

Public exploit code is available on Packet Storm; nothing beyond an ordinary gallery account is needed to use it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Apply the workarounds listed under Temporary Workarounds, or migrate to maintained gallery software.

🔧 Temporary Workarounds

File Upload Restriction (applies to: all installations)

Implement server-side file type validation and restrict uploads to specific extensions. Modify the PHP upload handling to check the file extension against an allowlist of image types, verify the content type from the file bytes rather than the client-supplied header, store the file under a server-generated name, and disable script execution in the upload directory.

Disable Edit Profile Functionality (applies to: all installations)

Temporarily disable the vulnerable edit profile feature. Comment out or remove the file-upload part of the edit profile code in the PHP files, or the whole feature if that is simpler.
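The hardened upload handling the first workaround calls for, as an added example written for this page (it is not code from the ARTWORKS GALLERY project). The form field name 'avatar', the upload directory and the allowlist are assumptions. The commented-out call at the top is the unchecked pattern this class of bug describes, shown for contrast; it is not the project's code either.

```php
<?php
// Added example for this page, not code from the ARTWORKS GALLERY project.
// Field name 'avatar', the $uploadDir and the allowlist are assumptions.
declare(strict_types=1);

// The unsafe pattern behind this class of bug (illustrative, not the project's
// code): the client-supplied name is trusted and nothing is validated, so
// "shell.php" lands in a web-served directory and is executed on request.
//
//   move_uploaded_file($_FILES['avatar']['tmp_name'],
//                      'uploads/' . $_FILES['avatar']['name']);

/**
 * Validate an uploaded image and store it under a random, server-chosen
 * name in $uploadDir. Returns the stored filename; throws on any problem.
 * $file is one entry of $_FILES (for example $_FILES['avatar']).
 */
function storeProfileImage(array $file, string $uploadDir): string
{
    // Allowlist: extension => the MIME type its bytes must identify as.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    $maxBytes = 2 * 1024 * 1024;

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error ' . (int) ($file['error'] ?? -1));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allowlist on the original name (case-insensitive). A name
    //    like shell.php.jpg passes this step but is harmless: the original
    //    name is never written to disk and the bytes are checked next.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. MIME type derived from the file content (magic bytes), never from
    //    the client-controlled $file['type'] header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException("content is $mime, expected {$allowed[$ext]}");
    }

    // 3. It must decode as an image at all.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4. Random name with the validated extension; no path separators and no
    //    user input, so directory traversal is impossible by construction.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($uploadDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0644);   // readable, never executable
    return $stored;
}

// Usage from the edit-profile handler (field name assumed):
if (isset($_FILES['avatar'])) {
    try {
        $picture = storeProfileImage($_FILES['avatar'], __DIR__ . '/uploads');
        // save $picture in the user's profile row here
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

Even with these checks a crafted GIF can carry PHP source in its comment section. What keeps that harmless is that the file is stored under a .gif name the attacker did not choose, and that the upload directory should additionally have script execution switched off in the web server configuration (for mod_php an .htaccess containing php_flag engine off; for PHP-FPM a rule that denies requests for .php files under that path).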

🧯 If You Can't Patch

  • Put a web application firewall (WAF) in front of the application and block multipart POST requests to the edit profile endpoint, or at least those whose uploaded filename does not end in an image extension
  • Restrict network access to the gallery application with firewall rules so that only trusted addresses can reach it
  • Disable PHP execution in the upload directory in the web server configuration, so that an uploaded .php file is served as a download instead of being executed

🔍 How to Verify

Check if Vulnerable:

On a test copy, log in as an ordinary user, open the edit profile form and try to upload a file whose name ends in .php and whose only content is a harmless echo statement. If the upload is accepted, locate the file in the upload directory and request it through the web server: if the response is the script's output rather than its source or a 403, the installation is vulnerable.

Check Version:

Check the gallery software version in the admin panel or configuration files; every 1.0 installation is affected.

Verify Fix Applied:

Repeat the test above. The .php upload must be rejected server-side, a double extension such as image.php.jpg must not end up executable, and a valid image must still upload normally.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to the edit profile endpoint
  • Files with suspicious extensions (.php, .phtml, .exe) in the upload directory, or image-named files whose content starts with a PHP open tag
  • GET requests with query strings to files under the upload directory (web shell use after the upload)

Network Indicators:

  • POST requests to the edit profile endpoint carrying multipart/form-data bodies
  • Unusual outbound connections from the web server process

SIEM Query (the endpoint path is a placeholder; substitute the real script name of your installation. The content type is only visible in WAF or reverse-proxy logs, not in a standard web server access log):

web_uri="/edit-profile" AND http_method=POST AND content_type CONTAINS "multipart/form-data"
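The indicators above in runnable form, as an added example written for this page (not the project's code): it checks the upload directory for files that are not images or that carry a PHP open tag, and runs over three constructed access-log lines (not real traffic) to separate the upload request from later web shell use. The upload directory, the '/edit-profile' path and the log lines are assumptions.

```php
<?php
// Added example for this page, not code from the ARTWORKS GALLERY project.
// The upload directory, the endpoint path '/edit-profile' and the sample
// log lines are assumptions / constructed data; adjust to the real install.
declare(strict_types=1);

/**
 * Walk the upload directory and report files that should not be there:
 * anything without an image extension, or anything whose first bytes
 * contain a PHP open tag (a web shell hiding behind an image name).
 * Returns [path => [reasons...]].
 */
function suspiciousUploads(string $dir): array
{
    $imageExt = ['jpg', 'jpeg', 'png', 'gif'];
    $hits = [];
    if (!is_dir($dir)) {
        return $hits;
    }
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $info) {
        if (!$info->isFile()) {
            continue;
        }
        $reasons = [];
        $ext = strtolower($info->getExtension());
        if (!in_array($ext, $imageExt, true)) {
            $reasons[] = "non-image extension .$ext";
        }
        $head = (string) file_get_contents($info->getPathname(), false, null, 0, 4096);
        if (preg_match('/<\?(php\b|=)/i', $head)) {
            $reasons[] = 'PHP open tag in content';
        }
        if ($reasons) {
            $hits[$info->getPathname()] = $reasons;
        }
    }
    return $hits;
}

/**
 * Classify access-log lines (Apache/nginx combined format) into the two
 * request patterns that matter here:
 *   upload  - a POST to the edit-profile endpoint (the upload itself)
 *   execute - a request for a script under the upload directory (shell use)
 * Returns [['type' => ..., 'line' => ...], ...]. The request content type
 * is not in a standard access log, so multipart bodies cannot be seen here.
 */
function classifyAccessLog(array $lines, string $endpoint = '/edit-profile',
                           string $uploadPrefix = '/uploads/'): array
{
    $uploadRe  = '/"POST ' . preg_quote($endpoint, '/') . '(\?[^" ]*)? HTTP\//';
    $executeRe = '/"(?:GET|POST) ' . preg_quote($uploadPrefix, '/')
               . '[^" ]*\.ph(?:p\d?|tml)(\?[^" ]*)? HTTP\//i';
    $out = [];
    foreach ($lines as $line) {
        if (preg_match($uploadRe, $line)) {
            $out[] = ['type' => 'upload', 'line' => $line];
        } elseif (preg_match($executeRe, $line)) {
            $out[] = ['type' => 'execute', 'line' => $line];
        }
    }
    return $out;
}

// Constructed sample log lines (not real traffic) showing the sequence an
// exploit leaves behind: upload via the profile form, then shell requests.
$sampleLog = [
    '203.0.113.5 - - [10/Nov/2020:12:01:02 +0000] "POST /edit-profile HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2020:12:01:05 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2020:12:02:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
];

foreach (classifyAccessLog($sampleLog) as $hit) {
    echo strtoupper($hit['type']), ': ', $hit['line'], PHP_EOL;
}
foreach (suspiciousUploads(__DIR__ . '/uploads') as $path => $reasons) {
    echo 'SUSPICIOUS: ', $path, ' (', implode(', ', $reasons), ')', PHP_EOL;
}
```

On the constructed lines the first is reported as an upload and the second as execution; the plain image request is ignored. Run the directory scan from cron or a file-integrity tool against the real upload path, since a successful exploit leaves the shell on disk even after the access log has rotated.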
