| 제목 | SourceCodester Simple Doctor's Appointment System 1.0 Unrestricted Upload |
|---|
| 설명 | A vulnerability, which was classified as critical, was found in sourcecodester Simple Doctor's Appointment System 1.0. This affects some
unknown functionality of the file /doctors_appointment/admin/ajax.php?action=save_category . The manipulation of the argument with an unknown input leads to a unrestricted upload vulnerability. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. This is going to have an impact on confidentiality, integrity, and availability.
User can update file through /doctors_appointment/admin/ajax.php?action=save_category
Web application doesn't sanitize or filters the being uploaded, making it vulnerable to arbitrary file upload vulnerability, that can also lead to Remote Code Execution. |
|---|
| 원천 | ⚠️ https://github.com/dyh1213-wq/cve/issues/5 |
|---|
| 사용자 | dyh18 (UID 95587) |
|---|
| 제출 | 2026. 03. 15. AM 07:19 (17 날 ago) |
|---|
| 모더레이션 | 2026. 03. 30. PM 08:59 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354249 [SourceCodester Simple Doctors Appointment System 까지 1.0 ajax.php?action=save_category img 권한 상승] |
|---|
| 포인트들 | 20 |
|---|