cve/2020/CVE-2020-28939.md

### [CVE-2020-28939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28939)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.

### POC

#### Reference
- https://labs.bishopfox.com/advisories/openclinic-version-0.8.2

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-28939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28939)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.`

			`### POC`

			`#### Reference`
			`- https://labs.bishopfox.com/advisories/openclinic-version-0.8.2`

			`#### Github`
			`No PoCs found on GitHub currently.`