module
Clinic's Patient Management System 1.0 - Unauthenticated RCE
| Disclosed |
|---|
| 2022-10-31 |
Disclosed
2022-10-31
Description
This module exploits an unauthenticated file upload vulnerability in Clinic's
Patient Management System 1.0. An attacker can upload a PHP web shell and execute
it by leveraging directory listing enabled on the `/pms/user_images` directory.
Patient Management System 1.0. An attacker can upload a PHP web shell and execute
it by leveraging directory listing enabled on the `/pms/user_images` directory.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.