RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
References
Link | Resource |
---|---|
https://github.com/remoteclinic/RemoteClinic/issues/24 | Exploit Issue Tracking Vendor Advisory |
Configurations
History
14 Nov 2023, 19:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:remoteclinic:remote_clinic:2.0:*:*:*:*:*:*:* | |
References | () https://github.com/remoteclinic/RemoteClinic/issues/24 - Exploit, Issue Tracking, Vendor Advisory | |
CWE | CWE-434 | |
First Time |
Remoteclinic remote Clinic
Remoteclinic |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
07 Nov 2023, 15:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-07 15:15
Updated : 2024-09-05 14:35
NVD link : CVE-2023-33480
Mitre link : CVE-2023-33480
CVE.ORG link : CVE-2023-33480
JSON object : View
Products Affected
remoteclinic
- remote_clinic
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type