CVE-2022-24136 — Unrestricted File Upload in Management System Project Hospital Management System

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 44.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hospital Management System Project Hospital Management System

Timeline

PublishedMar 31

Latest updateApr 1

Description

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDhospital_management_system_project/hospital_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-8cm6-w967-v85j: Hospital Management System v1↗2022-04-01

▶

CVEList

CVE-2022-24136: Hospital Management System v1↗2022-03-31

▶