CVE-2023-37629
Published: 2023-07-12
Priority: P2 (71) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public (see the Exploit-DB and Nuclei entries below)
EPSS: 15.03% (percentile 96.3)
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_online_piggery_management_system_project | simple_online_piggery_management_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to add-pig.php with a multipart/form-data body containing a file upload field named 'pigphoto' with a .php filename; no authentication is required for exploitation.
- Detect PHP webshell access under the 'uploadfolder/' directory, especially requests with a 'cmd' query parameter, which indicates post-exploitation RCE activity.
- Alert on HTTP 302 redirect responses from add-pig.php that also contain 'successfully created' in the body following a multipart file upload with Content-Type application/x-php; this is the success condition used in the Nuclei template.
- The exploit uploads a file using the form field name 'pigphoto' with a .php extension and Content-Type application/x-php; detect this combination in multipart POST requests to add-pig.php.
- The uploaded webshell is placed in the 'uploadfolder/' directory relative to the web root; the exact installation path prefix (e.g., '/pig/') may vary depending on deployment configuration.
- The Nuclei template uses a randomized filename (rand_base(5).php) for the uploaded shell, meaning the exact filename will differ per exploitation attempt; detection should focus on the .php extension and application/x-php content-type rather than a static filename.
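The indicators above translate directly into request-level detection logic. The following Python is an added example (not code from this page, the Exploit-DB script, or the Nuclei template) that parses raw HTTP/1.1 requests and flags the two patterns listed: a multipart POST to add-pig.php whose 'pigphoto' part carries a .php filename or an application/x-php part type, and any request for a .php file under uploadfolder/, escalated when a 'cmd' query parameter is present. The sample requests, the boundary string, the 'pigname' form field and the placeholder file body are constructed for the example; the match is on the 'uploadfolder/' path component rather than a full path, because the page notes that the installation prefix (such as '/pig/') varies.

```python
"""Defensive detection of the CVE-2023-37629 indicators, run over constructed
HTTP requests (added example; not code from the page or its sources)."""
import re
from posixpath import basename
from urllib.parse import parse_qs, urlsplit

UPLOAD_ENDPOINT = "add-pig.php"   # vulnerable upload handler named in the advisory
UPLOAD_DIR = "/uploadfolder/"     # where uploads land; the prefix before it may vary
PHOTO_FIELD = "pigphoto"          # multipart field the file arrives in
PHP_EXT = re.compile(r"\.php$", re.IGNORECASE)
PHP_MIME = "application/x-php"


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return method, target, headers, body


def multipart_parts(headers: dict, body: str) -> list:
    """Return the parts of a multipart/form-data body as dicts with keys
    name, filename and content_type (the latter two may be None)."""
    ctype = headers.get("content-type", "")
    match = re.search(r'boundary="?([^";\s]+)"?', ctype)
    if not ctype.lower().startswith("multipart/form-data") or not match:
        return []
    delimiter = "--" + match.group(1)
    parts = []
    for chunk in body.split(delimiter)[1:]:
        if chunk.strip() in ("", "--"):  # closing delimiter or padding
            continue
        part_head, _, _part_body = chunk.lstrip("\r\n").partition("\r\n\r\n")
        name = re.search(r';\s*name="([^"]*)"', part_head)
        filename = re.search(r';\s*filename="([^"]*)"', part_head)
        part_type = re.search(r"^Content-Type:\s*(.+?)\s*$", part_head, re.I | re.M)
        parts.append({
            "name": name.group(1) if name else "",
            "filename": filename.group(1) if filename else None,
            "content_type": part_type.group(1) if part_type else None,
        })
    return parts


def analyze_request(raw: str) -> list:
    """Return a list of finding strings for one request; empty means no match."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    findings = []
    # Rule 1: multipart POST to add-pig.php whose 'pigphoto' part is a .php file
    # by name or is declared as application/x-php.
    if method.upper() == "POST" and basename(url.path) == UPLOAD_ENDPOINT:
        for part in multipart_parts(headers, body):
            filename = part["filename"] or ""
            if part["name"] == PHOTO_FIELD and (
                PHP_EXT.search(filename) or part["content_type"] == PHP_MIME
            ):
                findings.append(
                    f"php-upload-attempt: field={part['name']} "
                    f"filename={filename} type={part['content_type']}"
                )
    # Rule 2: any request for a .php file under uploadfolder/; a 'cmd' query
    # parameter marks it as probable webshell command execution.
    if UPLOAD_DIR in url.path and PHP_EXT.search(url.path):
        label = "webshell-command" if "cmd" in parse_qs(url.query) else "webshell-access"
        findings.append(f"{label}: {url.path}")
    return findings


BOUNDARY = "----ConstructedBoundary"  # constructed sample value


def build_upload_request(filename: str, content_type: str) -> str:
    """Construct a multipart POST to add-pig.php with one text field and one
    file part (sample traffic, not a capture; 'pigname' is a constructed field)."""
    return (
        "POST /pig/add-pig.php HTTP/1.1\r\n"
        "Host: 127.0.0.1\r\n"
        f"Content-Type: multipart/form-data; boundary={BOUNDARY}\r\n"
        "\r\n"
        f"--{BOUNDARY}\r\n"
        'Content-Disposition: form-data; name="pigname"\r\n'
        "\r\n"
        "sow-42\r\n"
        f"--{BOUNDARY}\r\n"
        f'Content-Disposition: form-data; name="{PHOTO_FIELD}"; filename="{filename}"\r\n'
        f"Content-Type: {content_type}\r\n"
        "\r\n"
        "PLACEHOLDER-FILE-BODY\r\n"
        f"--{BOUNDARY}--\r\n"
    )


MALICIOUS_UPLOAD = build_upload_request("abcde.php", PHP_MIME)
BENIGN_UPLOAD = build_upload_request("sow-42.jpg", "image/jpeg")
WEBSHELL_HIT = "GET /pig/uploadfolder/abcde.php?cmd=x HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("malicious upload", MALICIOUS_UPLOAD),
                       ("benign upload", BENIGN_UPLOAD),
                       ("webshell hit", WEBSHELL_HIT)]:
        print(f"{label}: {analyze_request(req) or 'no findings'}")
```

Rule 1 deliberately fires on either the extension or the declared part type, since the Nuclei template randomizes the filename but always sends application/x-php; rule 2 does not depend on the filename at all, which is the point the last bullet makes.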
No detection rules found.
Exploit-DB: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
exploitdb · 2023-07-19 · CVSS 9.8 · CRITICAL
---
```bash
#!/bin/bash
# Exploit Title: Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
# Date: July 12 2023
# Exploit Author: 1337kid
# Software Link: https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html
# Version: 1.0
# Tested on: Ubuntu
# CVE : CVE-2023-37629
#
# chmod +x exploit.sh
# ./exploit.sh web_url
# ./exploit.sh http://127.0.0.1:8080/
echo " _____ _____ ___ __ ___ ____ ________ __ ___ ___ "
echo " / __\\ \\ / / __|_|_ ) \\_ )__ /__|__ /__ / /|_ ) _ \\"
echo " | (__ \\ V /| _|___/ / () / / |_ \\___|_ \\ / / _ \\/ /\\_, /"
echo " \\___| \\_/ |___| /___\\__/___|___/ |___//_/\\___/___|/_/ "
echo " @1337kid"
echo
# Usage check: the target URL is the only argument (usage per the header above)
if [[ $1 == '' ]]; then
    echo "Usage: $0 web_url"
    exit 1
fi
# The remainder of the script is not included on this page.
```
Nuclei: Online Piggery Management System v1.0 - Unauthenticated File Upload
nuclei · CVSS 9.8 · CRITICAL
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.
Template:
```yaml
id: CVE-2023-37629

info:
  name: Online Piggery Management System v1.0 - Unauthenticated File Upload
  author: Harsh
  severity: critical
  description: |
    Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to the system, data leakage, or even complete compromise of t
```
No writeups or analysis indexed.
References:
- http://packetstormsecurity.com/files/173656/Online-Piggery-Management-System-1.0-Shell-Upload.html
- https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37629
- https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html