Arbitrary Code Execution Vulnerability in Clinic's Patient Management System by Oretnom23
CVE-2022-36270

9.8CRITICAL

Key Information:

Vendor: Clinic\'s Patient Management System Project
Status: Clinic\'s Patient Management System
Vendor: CVE Published:; 10 August 2022

🔔 Create Clinic\'s Patient Management System Project Vulnerability Alert

What is CVE-2022-36270?

The Clinic's Patient Management System v1.0 is susceptible to an arbitrary code execution vulnerability that can be exploited through the users.php endpoint. This flaw allows attackers to execute arbitrary code on the server, posing significant risks to the integrity and confidentiality of the system. Security measures should be adopted to mitigate the threats associated with this vulnerability, ensuring that the system remains secure against potential exploits.

References

https://github.com/FF9118/bug_report/blob/main/vendors/or...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jul 18, 2022

JSON