Vulnerability Details CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.7%
CVSS Severity
CVSS v3 Score 8.8
References
- https://gist.github.com/abbisQQ/d8392acf7e02003e73af973cc9f5f54a
- https://github.com/shihjay2/docker-nosh
- https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
- https://noshemr.wordpress.com
- https://gist.github.com/abbisQQ/d8392acf7e02003e73af973cc9f5f54a
- https://github.com/shihjay2/docker-nosh
- https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
- https://noshemr.wordpress.com
Products affected by CVE-2023-24610
-
cpe:2.3:a:nosh_chartingsystem_project:nosh_chartingsystem:2021-03-13