CVE-2022-28568

{"id": "CVE-2022-28568", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-05-04T15:15:13.040", "references": [{"url": "http://doctors.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://sourcecodetester.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://doctors.com", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourcecodetester.com", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored."}, {"lang": "es", "value": "Sourcecodester Doctor's Appointment System versi\u00f3n 1.0, es vulnerable a una carga de archivos a RCE por medio de una carga de im\u00e1genes desde el panel del administrador. Un atacante puede obtener una ejecuci\u00f3n de comandos remota con s\u00f3lo conocer la ruta donde son almacenadas las im\u00e1genes"}], "lastModified": "2024-11-21T06:57:31.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simple_doctor\\'s_appointment_system_project:simple_doctor\\'s_appointment_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65D2B9D-EADD-4795-99EA-B9E5D76A3A9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}