CVE-2022-28568

CVE-2022-28568CVE-2022-28568

simple_doctor\'s_appointment_system_project / simple_doctor\'s_appointment_system

Description

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.

Scoring

CVSS 9.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Last modified2026-07-05
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.