CVE-2023-44267

9.8 CRITICAL

📋 TL;DR

Online Art Gallery v1.0 contains unauthenticated SQL injection vulnerabilities in the 'lnm' parameter of header.php. Attackers can execute arbitrary SQL commands without authentication, potentially compromising the entire database. All users running this specific software version are affected.

💻 Affected Systems

Products:
  • Online Art Gallery
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation; no special configuration is required.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case
Database information disclosure, including user credentials, sensitive gallery data, and potential privilege escalation.

🟢 If Mitigated
Limited impact with proper input validation and database permissions restricting damage to non-sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET/POST parameters requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check vendor website for updated version
2. If no patch available, implement workarounds
3. Consider replacing software if unsupported

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation to sanitize the 'lnm' parameter before database queries.

Modify header.php to add: $lnm = mysqli_real_escape_string($connection, $_GET['lnm']);

Web Application Firewall (applies to: all)

Deploy a WAF with SQL injection protection rules.
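The escaping call above only protects a value that is inserted inside a quoted string literal; a prepared statement removes the user value from the SQL text altogether. The following is an added example of that hardened pattern, not the project's own header.php: the table and column names (art_gallery, lnm), the connection details and the allowed input pattern are assumptions.

```php
<?php
// Added example, not code from Online Art Gallery. Table/column names,
// connection details and the allowed character set are assumptions.

// Assumed shape of the flaw: the request value is concatenated into the
// query text, so quote characters in $lnm change the query structure.
function lookup_by_lnm_vulnerable(mysqli $connection, string $lnm): array
{
    $sql = "SELECT id, name FROM art_gallery WHERE lnm = '" . $lnm . "'";
    $result = $connection->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Hardened replacement: the value is bound as a parameter and never becomes
// part of the SQL text, which holds in every context, unlike escaping.
// get_result() requires the mysqlnd driver (default in modern PHP builds).
function lookup_by_lnm(mysqli $connection, string $lnm): array
{
    $stmt = $connection->prepare("SELECT id, name FROM art_gallery WHERE lnm = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connection->error);
    }
    $stmt->bind_param('s', $lnm);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Defence in depth: reject values that cannot be legitimate before they
// reach the database. The length limit and allowed pattern are assumptions.
function validate_lnm(string $lnm): ?string
{
    $lnm = trim($lnm);
    if ($lnm === '' || strlen($lnm) > 64) {
        return null;
    }
    return preg_match('/^[A-Za-z0-9 _.-]+$/', $lnm) === 1 ? $lnm : null;
}

// Usage at the top of header.php (connection parameters are placeholders).
$connection = new mysqli('localhost', 'gallery_user', 'CHANGE_ME', 'gallery_db');
$lnm = validate_lnm($_GET['lnm'] ?? '');
if ($lnm === null) {
    http_response_code(400);
    exit('invalid lnm');
}
$rows = lookup_by_lnm($connection, $lnm);
```

With the prepared statement in place, the verification payload from the section below is treated as a literal string to match, so the query returns no rows instead of every row.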

🧯 If You Can't Patch

  • Isolate the system behind a reverse proxy with SQL injection filtering
  • Implement strict network segmentation and limit database access to application server only

🔍 How to Verify

Check if Vulnerable:

Test header.php with SQL injection payloads in 'lnm' parameter: header.php?lnm=1' OR '1'='1

Check Version:

Check software documentation or admin panel for version information

Verify Fix Applied:

Repeat the same test after the fix; the application should return an error or a sanitized response rather than altered query results.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts from a single IP
  • Database queries with unusual patterns

Network Indicators:

  • HTTP requests with SQL keywords in parameters
  • Unusual database port traffic from web server

SIEM Query:

source="web_logs" AND ("sql" OR "union" OR "select" OR "' OR '") AND uri="*header.php*"
