Soul01

**Name of the Vulnerable Software and Affected Versions** Codecanyon iDentSoft version 2.0 **Description** A critical issue exists in Codecanyon iDentSoft 2.0, specifically within the Account Setting Page. The vulnerability allows for unrestricted file upload through manipulation of the `photo` argument in the `/clinica/profile/updateSetting` file. This attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Codecanyon iDentSoft version 2.0: Restrict access to the `/clinica/profile/updateSetting` file or disable the Account Setting Page functionality until a fix is available.