CVE-2023-37152

CRITICAL

Online Art Gallery Project 1.0 - Unauthenticated Arbitrary File Upload via adminHome.php


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-37152. PoCs published by Ramil Mustafayev.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated arbitrary file upload vulnerability in Online Art Gallery Project 1.0, allowing attackers to upload a malicious PHP file via the adminHome.php page, leading to remote code execution.

Description

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ramil Mustafayev · python · webapps · php
https://www.exploit-db.com/exploits/51524

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Online Art Gallery Project 1.0
No auth needed
Prerequisites: Target URL · Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0167
EPSS Percentile 73.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): online_art_gallery_project/online_art_gallery 1.0
Published: Jul 10, 2023
Tracked Since: Feb 18, 2026