Remote Command Execution via Image Upload in Sourcecodester Doctor's Appointment System 1.0

CVE-2022-28568 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to an unrestricted file upload that leads to remote command execution (RCE) via the image upload in the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.