PT-2022-19081 · Sourcecodester · Sourcecodester Doctors Appointment System
B3Nj1 · Published 2022-05-04 · Updated 2022-05-12
CVE-2022-28568
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sourcecodester Doctor's Appointment System version 1.0
Description
The image upload function in the administrator panel does not restrict the type of file that can be uploaded, which allows remote command execution: an uploaded file can be reached and executed by an attacker who knows the path where uploaded images are stored.
Recommendations
For Sourcecodester Doctor's Appointment System version 1.0, restrict access to the image upload feature in the administrator panel until a fix is available. As a temporary workaround, also restrict write access to the directory where uploaded images are stored to reduce the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Unrestricted File Upload
Related Identifiers
Affected Products
Sourcecodester Doctors Appointment System