ghsa-5rjr-j9m9-qpm9
Vulnerability from github
Published
2022-07-13 00:00
Modified
2024-09-07 15:30
Severity
Details
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{ "affected": [], "aliases": [ "CVE-2022-2297" ], "database_specific": { "cwe_ids": [ "CWE-434" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-07-12T17:15:00Z", "severity": "HIGH" }, "details": "A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input \u003c?php phpinfo();?\u003e leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", "id": "GHSA-5rjr-j9m9-qpm9", "modified": "2024-09-07T15:30:29Z", "published": "2022-07-13T00:00:42Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2297" }, { "type": "WEB", "url": "https://github.com/CyberThoth/CVE/blob/8c6b66919be1bd66a54c16cc27cbdd9793221d3e/CVE/Clinic%27s%20Patient%20Management%20System/Unrestricted%20file%20upload%20%28RCE%29/POC.md" }, { "type": "WEB", "url": "https://github.com/CyberThoth/CVE/blob/8c6b66919be1bd66a54c16cc27cbdd9793221d3e/CVE/Clinic\u0027s%20Patient%20Management%20System/Unrestricted%20file%20upload%20(RCE)/POC.md" }, { "type": "WEB", "url": "https://vuldb.com/?id.203178" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading...