PT-2022-25396 · Unknown · Clinic's Patient Management System
Ihexcoder +1
Published 2022-10-31 · Updated 2025-12-31
CVE-2022-40471
CVSS v3.1: 9.8 (Critical), Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Clinic's Patient Management System version 1.0
Description
The profile picture upload functionality in users.php does not restrict the type of file it accepts, so an attacker can upload an arbitrary PHP webshell. This enables remote code execution on the server.
Recommendations
For Clinic's Patient Management System version 1.0, consider disabling the profile picture upload functionality in users.php until a patch is available, to prevent the upload of arbitrary PHP webshells. Restrict access to the users.php file to minimize the risk of exploitation. Avoid using the profile picture upload feature until the issue is resolved.
Exploit
Fix
RCE
Unrestricted File Upload
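The recommendations above cover the interim workaround (disable or restrict the upload). As an added example, not code from Clinic's Patient Management System or its author, the following PHP shows what a fixed profile picture handler of this defect class looks like: the file type is taken from content, the stored name is server-generated, and the file lands outside the web root so it can never be executed. The function name, the storage path and the form field name are assumptions.

```php
<?php
// Added example (not code from Clinic's Patient Management System): a hardened
// profile picture upload handler for the unrestricted-upload defect class
// described in CVE-2022-40471. Function, path and field names are assumptions.

declare(strict_types=1);

// Assumed storage location, deliberately outside the web root so that no
// uploaded file is ever reachable as an executable URL.
const UPLOAD_DIR = __DIR__ . '/../storage/profile_pictures';
const MAX_BYTES  = 2 * 1024 * 1024;

// Only raster image types are accepted. The extension is derived from the
// detected MIME type, never from the client-supplied filename.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validates and stores an uploaded profile picture.
 * Returns the stored filename on success, throws on any violation.
 */
function store_profile_picture(array $file, int $userId): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Reject anything that did not arrive through the HTTP upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Detect the type from the file's magic bytes. $file['type'] and the
    // original filename are both attacker-controlled and are ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('unsupported image type');
    }

    // A PHP script with a spoofed extension does not parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-generated name: no user input reaches the path, no double
    // extensions, no traversal.
    $name = sprintf('%d_%s.%s', $userId, bin2hex(random_bytes(16)), ALLOWED_TYPES[$mime]);
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('storage unavailable');
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // stored file is never executable
    return $name;
}

// Usage from the form handler (assumed field name "profile_picture"):
// $stored = store_profile_picture($_FILES['profile_picture'], (int) $_SESSION['user_id']);
```

Serve the picture back through a read-only endpoint that sets the detected Content-Type and calls readfile(), rather than linking straight into the storage directory. Even a polyglot image that carries PHP in its metadata is then harmless: it has an image extension, lives where the web server does not execute scripts, and is only ever read as bytes. As a second layer, deny script execution in any directory that must stay under the web root (for example a `php_admin_flag engine off` in the Apache directory block, or an nginx location that never passes requests to PHP-FPM).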
Weakness Enumeration
Related Identifiers
Affected Products
Clinic's Patient Management System