Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Saad Irfan RemoteClinic Security Vulnerability
Vulnerability Description
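Saad Irfan RemoteClinic is an open-source application by Saad Irfan that provides remote management of a clinic over the web. RemoteClinic version 2.0 contains a security vulnerability that stems from a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page, allowing an attacker to create high-privileged administrator users, upload PHP files containing arbitrary code, and execute arbitrary commands.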
CVSS Information
N/A
Vulnerability Type
N/A