Description
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
References
- Broken Link
- Broken Link
- Exploit, Third Party Advisory
- Broken Link
- Broken Link
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:simple_doctor\'s_appointment_system_project:simple_doctor\'s_appointment_system:1.0:*:*:*:*:*:*:*
EPSS: 0.01526 (Low), percentile: 81%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.