Remote Code Execution Vulnerability in Simple Image Gallery by Simple Solutions
CVE-2023-27040

9.8CRITICAL

Key Information:

Vendor: Simple Image Gallery Web App Project
Status: Simple Image Gallery Web App
Vendor: CVE Published:; 16 March 2023

🔔 Create Simple Image Gallery Web App Project Vulnerability Alert

What is CVE-2023-27040?

The Simple Image Gallery version 1.0 has been identified with a remote code execution flaw that can be exploited through the username parameter. Attackers can manipulate this vulnerability, potentially allowing them to execute arbitrary code on the affected system, leading to unauthorized access and significant security breaches. Organizations using this product should take immediate steps to patch the vulnerability to safeguard their environments.

References

https://www.exploit-db.com/exploits/50214

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Feb 27, 2023