Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing | Exploit Third Party Advisory |
https://github.com/RashidKhanPathan/CVE-2022-40471 | Exploit Third Party Advisory |
https://www.sourcecodester.com/php-clinics-patient-management-system-source-code | Product |
https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing | Exploit Third Party Advisory |
https://github.com/RashidKhanPathan/CVE-2022-40471 | Exploit Third Party Advisory |
https://www.sourcecodester.com/php-clinics-patient-management-system-source-code | Product |
Configurations
History
21 Nov 2024, 07:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing - Exploit, Third Party Advisory | |
References | () https://github.com/RashidKhanPathan/CVE-2022-40471 - Exploit, Third Party Advisory | |
References | () https://www.sourcecodester.com/php-clinics-patient-management-system-source-code - Product |
07 Sep 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oretnom23:clinic\'s_patient_management_system:1.0:*:*:*:*:*:*:* | |
First Time |
Oretnom23 clinic\'s Patient Management System
Oretnom23 |
01 Nov 2022, 17:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CPE | cpe:2.3:a:clinic\'s_patient_management_system_project:clinic\'s_patient_management_system:1.0:*:*:*:*:*:*:* | |
References | (MISC) https://www.sourcecodester.com/php-clinics-patient-management-system-source-code - Product | |
References | (MISC) https://github.com/RashidKhanPathan/CVE-2022-40471 - Exploit, Third Party Advisory | |
References | (MISC) https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view?usp=sharing - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
31 Oct 2022, 16:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-31 16:15
Updated : 2024-11-21 07:21
NVD link : CVE-2022-40471
Mitre link : CVE-2022-40471
CVE.ORG link : CVE-2022-40471
JSON object : View
Products Affected
oretnom23
- clinic\'s_patient_management_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type