mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 10:41:43 +00:00
18 lines
1.1 KiB
Markdown
18 lines
1.1 KiB
Markdown
|
### [CVE-2023-33480](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33480)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- https://github.com/remoteclinic/RemoteClinic/issues/24
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
No PoCs found on GitHub currently.
|
||
|
|
|