CVE-2023-27040
Published: 16 March 2023
Summary
CVE-2023-27040 is a critical-severity Injection (CWE-74) vulnerability in Simple Image Gallery Web App Project Simple Image Gallery Web App. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 11.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Simple Image Gallery version 1.0 contains a remote code execution vulnerability that is triggered through the username parameter. The flaw is tracked as CVE-2023-27040, carries a CVSS v3.1 score of 9.8, and is associated with CWE-74. The affected component allows unauthenticated network access to execute arbitrary code on the server.
An attacker with no credentials or user interaction can supply a crafted username value over the network to achieve full system compromise, including the ability to read, modify, or delete data and execute commands. Public exploit code for this issue has been available on Exploit-DB since shortly after disclosure.
The EPSS score for the vulnerability rose from a low baseline to a peak of 0.0732 on 2025-01-22 before receding to its current value of 0.0362, indicating a period of increased exploitation interest well after the original publication date. No vendor advisory or patch information is referenced in the available sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30829
Vulnerability details
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.