ghsa-5rjr-j9m9-qpm9
Vulnerability from github
Published
2022-07-13 00:00
Modified
2024-09-07 15:30
Severity
Details
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2022-2297"
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input \u003c?php phpinfo();?\u003e leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-5rjr-j9m9-qpm9",
"modified": "2024-09-07T15:30:29Z",
"published": "2022-07-13T00:00:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2297"
},
{
"type": "WEB",
"url": "https://github.com/CyberThoth/CVE/blob/8c6b66919be1bd66a54c16cc27cbdd9793221d3e/CVE/Clinic%27s%20Patient%20Management%20System/Unrestricted%20file%20upload%20%28RCE%29/POC.md"
},
{
"type": "WEB",
"url": "https://github.com/CyberThoth/CVE/blob/8c6b66919be1bd66a54c16cc27cbdd9793221d3e/CVE/Clinic\u0027s%20Patient%20Management%20System/Unrestricted%20file%20upload%20(RCE)/POC.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.203178"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading...