CVE-2022-40471
published 2022-10-31

CVE-2022-40471: Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in…

Priority: P274 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 19.37% (97.0th percentile)
Remote code execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP web shell via the profile picture upload functionality in users.php.

Affected

1 range

Vendor | Product | Version range | Fixed in
oretnom23 | clinic_s_patient_management_system | |

Detection & IOCs (extracted from sources)

path: /pms/user_images
path: /pms/users.php
  • Monitor for PHP file uploads to the profile picture upload endpoint in users.php; any multipart/form-data POST to users.php containing a .php extension in the filename field should be treated as malicious.
  • Alert on HTTP GET requests browsing or listing the /pms/user_images/ directory, which may indicate an attacker enumerating uploaded web shells post-exploitation.
  • The exploit is unauthenticated — no session cookie or login is required. Detect unauthenticated POST requests to users.php that include file upload content, especially from external IPs.
  • Directory listing must be enabled on /pms/user_images for the attacker to discover and execute the uploaded web shell; disabling directory listing breaks the exploit chain even if upload succeeds.
  • Vulnerability is confirmed only in Clinic's Patient Management System version 1.0; other versions are not referenced.
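
The request-level checks listed above, written out as an added Python example (not code from the original page or from the vendor). The form field name, the PHPSESSID cookie name, the extension list beyond .php, and the sample requests are assumptions constructed for illustration.

```python
import email
from urllib.parse import urlsplit

UPLOAD_URL = "/pms/users.php"    # path from the page
UPLOAD_DIR = "/pms/user_images"  # path from the page
# Assumption: extensions a PHP handler is commonly mapped to, beyond plain .php
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

def upload_filenames(content_type, body):
    """Return the filename of each file part in a multipart/form-data body."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    msg = email.message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body)
    parts = msg.get_payload() if msg.is_multipart() else []  # [] on a bad boundary
    return [p.get_filename() for p in parts if p.get_filename()]

def is_php_name(name):
    # Check every dot-separated segment so "a.php.jpg" and "a.PHP." also match.
    return any(s.strip().lower() in PHP_EXTS for s in name.split(".")[1:])

def classify(req):
    """req: dict with method, url, headers (lower-case keys), body (bytes)."""
    path = urlsplit(req["url"]).path
    hdrs, hits = req["headers"], []
    if req["method"] == "GET" and path.rstrip("/") == UPLOAD_DIR:
        hits.append("upload-dir-browse")
    if req["method"] == "POST" and path == UPLOAD_URL:
        names = upload_filenames(hdrs.get("content-type", ""), req["body"])
        if any(is_php_name(n) for n in names):
            hits.append("php-upload")
        # Assumption: the app uses PHP's default session cookie name.
        if names and "PHPSESSID=" not in hdrs.get("cookie", ""):
            hits.append("unauthenticated-upload")
    return hits

def sample_post(filename, cookie=""):
    """Constructed upload request; the form field name is hypothetical."""
    body = ('--B\r\nContent-Disposition: form-data; name="profile_picture"; '
            f'filename="{filename}"\r\n\r\nx\r\n--B--\r\n').encode()
    hdrs = {"content-type": "multipart/form-data; boundary=B", "cookie": cookie}
    return {"method": "POST", "url": UPLOAD_URL, "headers": hdrs, "body": body}

SAMPLE = [  # constructed requests, not captured traffic
    sample_post("avatar.php"),
    sample_post("me.png", cookie="PHPSESSID=abc123"),
    {"method": "GET", "url": UPLOAD_DIR + "/", "headers": {}, "body": b""},
]
if __name__ == "__main__":
    print([(r["method"], r["url"], classify(r)) for r in SAMPLE])
```

The upload checks need the request body, so they belong in a WAF, reverse proxy, or full-capture pipeline; a plain access log only supports the directory-browse check.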