Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
References
Link | Resource |
---|---|
http://doctors.com | Broken Link |
http://sourcecodetester.com | Broken Link |
https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568 | Exploit Third Party Advisory |
http://doctors.com | Broken Link |
http://sourcecodetester.com | Broken Link |
https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://doctors.com - Broken Link | |
References | () http://sourcecodetester.com - Broken Link | |
References | () https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568 - Exploit, Third Party Advisory |
Information
Published : 2022-05-04 15:15
Updated : 2024-11-21 06:57
NVD link : CVE-2022-28568
Mitre link : CVE-2022-28568
CVE.ORG link : CVE-2022-28568
JSON object : View
Products Affected
simple_doctor\'s_appointment_system_project
- simple_doctor\'s_appointment_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type