COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-28568

CVE-2022-28568

Severity
critical
Source
NVD · cve
Published
2022-05-04
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-28568
⚡ RCE shame 50/100 rce

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.

Players implicated

simple doctor\'s appointment system project · vendorsimple doctor\'s appointment system · product

Description

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.