漏洞标题
源码码ster诊所患者管理系统无 restrictions 上传
漏洞描述信息
源代码诊所患者管理系统无限制上传
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
SourceCodester Clinics Patient Management System unrestricted upload
漏洞描述信息
A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Patient Management System 安全漏洞
漏洞描述信息
Clinics Patient Management System是Carlo Montero个人开发者的一个诊所病人管理系统。 Patient Management System 2.0 版本存在安全漏洞,该漏洞源于参数 profile_picture 会导致上传不受限制,攻击者利用该漏洞可以执行远程服务器上的任意恶意脚本文件,从而直接获取应用系统权限。
CVSS信息
N/A
漏洞类别
其他