CVE-2022-2297

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
70.0%
top 1.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Clinics Patient Management SystemOretnom23 Clinic\'s Patient Management System
Timeline
PublishedJul 12
Latest updateJul 13

Description

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5rjr-j9m9-qpm9: A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 22022-07-13
CVEList
SourceCodester Clinics Patient Management System unrestricted upload2022-07-12
CVE-2022-2297 (HIGH CVSS 8.8) | A vulnerability | cvebase.io