CVE-2022-24136

Published: Mar 31, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.

Affected (1)

Products: Hospital Management System Project: Hospital Management System

Hospital Management System Project

1 product

Hospital Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hospital Management System Project Hospital Management System	Version 1.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/kabirkhyrul/HMS/discussions/6

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/kabirkhyrul/HMS/discussions/6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.