CVE-2023-37771

9.8 CRITICAL

📋 TL;DR

Art Gallery Management System v1.0 has a SQL injection vulnerability in the product.php page's cid parameter that allows attackers to execute arbitrary SQL commands. This affects all systems running this specific version of the software. Attackers can potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • Art Gallery Management System
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the product.php endpoint specifically via the cid parameter.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case

Unauthorized data access, data manipulation, and potential privilege escalation within the application.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET parameter requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Consider implementing parameterized queries and input validation in the product.php file.

🔧 Temporary Workarounds

Web Application Firewall (WAF)
Applies to: all

Deploy a WAF with SQL injection protection rules to block malicious requests.

Input Validation Filter
Applies to: all

Add input validation that rejects any cid value that is not an integer before it is used in a query.

$cid = filter_var($_GET['cid'] ?? '', FILTER_VALIDATE_INT); // PHP example
if ($cid === false) { http_response_code(400); exit; }      // reject a non-integer cid before any query is built

🧯 If You Can't Patch

  • Restrict access to the /agms/product.php endpoint using network controls or authentication.
  • Run the application as a database user with minimal privileges to limit the damage a successful injection can do.

🔍 How to Verify

Check if Vulnerable:

Test the /agms/product.php?cid= parameter with SQL injection payloads like ' OR '1'='1.

Check Version:

Check the software version in the application interface or configuration files.

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and return appropriate error messages or sanitized responses.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in web server logs for /agms/product.php requests
  • Multiple failed database queries from single IP

Network Indicators:

  • HTTP requests to /agms/product.php with SQL keywords in parameters

SIEM Query:

source="web_server" AND uri="/agms/product.php" AND (param="cid" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|or|and)")
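As an added example (not from the page or the vendor), the following Python script applies the log indicators above to constructed access-log lines: it parses each request to /agms/product.php, decodes the cid value, and flags anything that is not a plain integer, matching SQL keywords only at word boundaries so that ordinary values containing "or" or "and" are not flagged the way the bare alternation in the SIEM query above would flag them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /agms/product.php?cid=3 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:12:00:02 +0000] "GET /agms/product.php?cid=3%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9870
203.0.113.7 - - [10/Oct/2023:12:00:03 +0000] "GET /agms/product.php?cid=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 312
203.0.113.9 - - [10/Oct/2023:12:00:04 +0000] "GET /agms/index.php HTTP/1.1" 200 4000
203.0.113.5 - - [10/Oct/2023:12:00:05 +0000] "GET /agms/product.php?cid=12 HTTP/1.1" 200 5110
"""

# Request-line fields we need: client IP, method, request target and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Word boundaries keep "or"/"and" from matching inside ordinary words.
SQL_KEYWORDS = re.compile(r"(?i)\b(union|select|insert|update|delete|drop|or|and)\b")

def classify_cid(value):
    """Return None for a benign cid, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None  # cid is a numeric row id; anything else is out of spec
    m = SQL_KEYWORDS.search(value)
    if m:
        return f"sql keyword {m.group(1).lower()!r}"
    return "non-integer cid"

def scan_log(text):
    """Return (ip, status, decoded cid, reason) for suspicious product.php requests."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != "/agms/product.php":
            continue
        # parse_qs percent-decodes, so we match on what the application actually saw.
        for cid in parse_qs(url.query).get("cid", []):
            reason = classify_cid(cid)
            if reason:
                hits.append((m["ip"], int(m["status"]), cid, reason))
    return hits

if __name__ == "__main__":
    for ip, status, cid, reason in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} cid={cid!r}: {reason}")
```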
