
B3Nj1

#24705 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2022-19081
9.8
2022-05-04
Sourcecodester · Sourcecodester Doctors Appointment System · CVE-2022-28568
**Name of the Vulnerable Software and Affected Versions**

Sourcecodester Doctor's Appointment System version 1.0

**Description**

The issue allows for remote command execution through file upload, specifically via image upload from the administrator panel. An attacker can exploit this by knowing the path where the images are stored.

**Recommendations**

For Sourcecodester Doctor's Appointment System version 1.0, consider restricting access to the image upload feature in the administrator panel until a fix is available. As a temporary workaround, restrict write access to the directory where uploaded images are stored to minimize the risk of exploitation.