A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
The vulnerability results from the lack of proper validation of uploaded file types in a component based on the jQuery library. An unauthenticated attacker can upload any file — including executable files (e.g., webshell) — directly to the server without requiring any permissions. After uploading the malicious file, the attacker can gain the ability to execute commands remotely on the server by accessing the uploaded file through a web browser.
An attacker can upload a webshell or other malicious payload, gaining remote code execution (RCE) on the server, which can result in complete system compromise, theft of patient data, and further lateral movement in the network.
Apply patches available from the vendor according to the references. Additionally, it is recommended to implement strict validation of file types and extensions on the server side, require authentication before any file upload, and configure the web server so that upload directories do not have script execution permissions.
Phpgurukul Hospital Management System V4.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpgurukul Hospital Management System
APPPhpgurukul4.0
Related vulnerabilities
SQL Injection w phpgurukul Hospital Management System 4.0 (parametr username)
SQL Injection w phpgurukul Hospital Management System 4.0 (add-doctor.php)
RCE w Phpgurukul Hospital Management System v4.0 przez edit-profile.php
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote atta...
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Managemen...