CVE-2023-43958

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-43958
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e Exploit Third Party Advisory
https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e?pvs=4 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:kishan0725:hospital_management_system:4.0:*:*:*:*:*:*:*
History

14 May 2025, 13:14

Type Values Removed Values Added
CPE cpe:2.3:a:kishan0725:hospital_management_system:4.0:*:*:*:*:*:*:*
First Time Kishan0725
Kishan0725 hospital Management System
References () https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e - () https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e - Exploit, Third Party Advisory
References () https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e?pvs=4 - () https://flashy-lemonade-192.notion.site/Unauthenticated-arbitrary-file-upload-via-jQuery-File-Upload-in-Hospital-Management-System-3c02c1e8ef65432686321fcbad78bb1e?pvs=4 - Exploit, Third Party Advisory

23 Apr 2025, 14:15

Type Values Removed Values Added
CWE CWE-94
Summary
  • (es) Una vulnerabilidad de carga de archivos arbitrarios en el componente /jquery-file-upload/server/php/index.php de Hospital Management System v4.0 permite a un atacante no autenticado cargar cualquier archivo al servidor y ejecutar código arbitrario.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

22 Apr 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-22 18:15

Updated : 2025-05-14 13:14

NVD link : CVE-2023-43958

Mitre link : CVE-2023-43958

CVE.ORG link : CVE-2023-43958

JSON object : View

Products Affected

kishan0725

  • hospital_management_system
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')