Remote Code Execution in Clinic's Patient Management System v 1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing | Exploit Third Party Advisory |
https://github.com/RashidKhanPathan/CVE-2022-40471 | Exploit Third Party Advisory |
https://www.sourcecodester.com/php-clinics-patient-management-system-source-code | Product |
History
07 Sep 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
First Time | Oretnom23 clinic's Patient Management System; Oretnom23 | |
CPE | cpe:2.3:a:oretnom23:clinic\'s_patient_management_system:1.0:*:*:*:*:*:*:* | |
Information
Published : 2022-10-31 16:15
Updated : 2024-09-07 12:56
NVD link : CVE-2022-40471
Mitre link : CVE-2022-40471
CVE.ORG link : CVE-2022-40471
Products Affected
oretnom23
- clinic\'s_patient_management_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type