CVE-2022-2297

🗓️ 12 Jul 2022 16:22:14Reported by VulDBType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 101 Views🌐 WEB

A critical unrestricted upload vulnerability in SourceCodester Clinics Patient Management System 2.

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2022-2297	12 Jul 202220:25	–	circl
CNNVD	Patient Management System 安全漏洞	12 Jul 202200:00	–	cnnvd
CNNVD	Clinic’s Patient Management System SQL注入漏洞	1 Apr 202500:00	–	cnnvd
Cvelist	CVE-2022-2297 SourceCodester Clinics Patient Management System unrestricted upload	12 Jul 202216:22	–	cvelist
Metasploit	Clinic's Patient Management System 1.0 - Unauthenticated RCE	21 May 202518:53	–	metasploit
NVD	CVE-2022-2297	12 Jul 202217:15	–	nvd
OSV	CVE-2022-2297	12 Jul 202217:15	–	osv
Packet Storm	📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution	22 May 202500:00	–	packetstorm
Packet Storm	📄 Clinic's Patient Management System 2.0 Remote Code Execution	10 Dec 202500:00	–	packetstorm
Prion	Design/Logic Flaw	12 Jul 202217:15	–	prion

NVD

Vulners

Node

oretnom23 clinic's_patient_management_systemMatch2.0

[
  {
    "product": "Clinics Patient Management System",
    "vendor": "SourceCodester",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/CyberThoth/CVE/blob/8c6b66919be1bd66a54c16cc27cbdd9793221d3e/CVE/Clinic%27s%20Patient%20Management%20System/Unrestricted%20file%20upload%20%28RCE%29/POC.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
profile_picture	upload data	/pms/update_user.php?user_id=1	Unrestricted file upload via profile_picture leads to remote code execution.	CWE-434
profile_picture	upload data	/update_user.php?user_id=1	Unrestricted file upload via profile_picture leads to remote code execution.	CWE-434