Vulnerability Details CVE-2021-36622
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2021-36622
-
Online Covid Vaccination Scheduler System Project » Online Covid Vaccination Scheduler System » Version: 1.0cpe:2.3:a:online_covid_vaccination_scheduler_system_project:online_covid_vaccination_scheduler_system:1.0