cbcvebase.
CVE-2023-37629
published 2023-07-12

CVE-2023-37629: Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."

PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
15.03%
96.3th percentile
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."

Affected

1 ranges
VendorProductVersion rangeFixed in
simple_online_piggery_management_system_projectsimple_online_piggery_management_system

Detection & IOCsextracted from sources · hover to see the quote

path/add-pig.php
path/pig/add-pig.php
pathuploadfolder/shell.php
filenameshell.php
urluploadfolder/shell.php?cmd=id
otherContent-Type: application/x-php
  • Monitor for unauthenticated POST requests to add-pig.php with a multipart/form-data body containing a file upload field named 'pigphoto' with a .php filename — no authentication is required for exploitation.
  • Detect PHP webshell access under the 'uploadfolder/' directory, especially requests with a 'cmd' query parameter, which indicates post-exploitation RCE activity.
  • Alert on HTTP 302 redirect responses from add-pig.php that also contain 'successfully created' in the body following a multipart file upload with Content-Type application/x-php — this is the success condition used in the Nuclei template.
  • The exploit uploads a file using the form field name 'pigphoto' with a .php extension and Content-Type application/x-php; detect this combination in multipart POST requests to add-pig.php.
  • ·The uploaded webshell is placed in the 'uploadfolder/' directory relative to the web root; the exact installation path prefix (e.g., '/pig/') may vary depending on deployment configuration.
  • ·The Nuclei template uses a randomized filename (rand_base(5).php) for the uploaded shell, meaning the exact filename will differ per exploitation attempt — detection should focus on the .php extension and application/x-php content-type rather than a static filename.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.