CVE-2023-33480
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 434 (Unrestricted Upload of File with Dangerous Type)
Summary
CVE-2023-33480 is a vulnerability chain in RemoteClinic 2.0 rated high (CVSS 3.1 score 8.8). A remote attacker who holds any low-privileged user account can exploit it by sending crafted requests to the application; no administrator credentials and no user interaction are needed. The root cause is a lack of access control and input validation in the staff/register.php endpoint and the edit-my-profile.php page. Chaining the two, the attacker first creates a new user with the admin role, then uploads a PHP file through the profile page; because the file is stored where the web server executes PHP, requesting it yields a PHP web shell and arbitrary code execution on the host. The practical check for defenders is whether non-admin sessions can reach staff/register.php and whether the profile upload accepts anything other than an image.
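The two controls whose absence the summary describes are a server-side admin check on account creation and a content-based check on the profile upload. The following is an added illustration of how both are normally written in PHP; it is not RemoteClinic's own code, and the session fields (`user_id`, `role`), the form field names, the role names and the upload directory are assumptions made for the example.

```php
<?php
// Added example, not RemoteClinic code. Assumed: a PHP session carrying
// 'user_id' and 'role', a registration form posting 'role', and a profile
// picture upload stored OUTSIDE the document root (or in a directory where
// PHP execution is disabled).
declare(strict_types=1);

// --- 1. Access control for staff/register.php ---------------------------
// Only an authenticated admin may create staff accounts.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Roles a registration request may ask for. 'admin' is deliberately absent:
// the request body never decides whether the new account is an administrator.
const ALLOWED_NEW_ROLES = ['doctor', 'receptionist'];

function new_account_role(array $post): string
{
    $role = $post['role'] ?? '';
    return in_array($role, ALLOWED_NEW_ROLES, true) ? $role : 'receptionist';
}

// --- 2. Upload validation for edit-my-profile.php (the CWE-434 part) ----
const ALLOWED_IMAGE = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

// $file is one entry of $_FILES, e.g. $_FILES['avatar'].
// Returns the server-chosen file name to record in the database.
function store_profile_image(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }
    // Type is decided from the bytes. Both $file['name'] and $file['type']
    // are attacker-controlled and must not be used for this decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE[$mime])) {
        throw new RuntimeException('unsupported type: ' . $mime);
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // The stored name and extension are generated here, so names such as
    // shell.php, shell.phtml or shell.php.jpg never reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// --- Usage sketch (assumed call sites) ----------------------------------
// staff/register.php:
//   require_admin();
//   $role = new_account_role($_POST);
//   ... create the account with $role ...
//
// edit-my-profile.php:
//   $stored = store_profile_image($_FILES['avatar'], '/var/app/uploads');
//   ... save $stored against the current user's record ...
```

Two points matter beyond the code. The MIME and `getimagesize()` checks do not rule out a polyglot file that is both a valid image and contains PHP, so the upload directory itself must not be served through the PHP handler (keep it outside the document root and serve images through a read-only script with a fixed Content-Type, or disable the PHP engine for that directory). And the admin check has to run on every request to staff/register.php, not only when rendering the form; the missing server-side check on the POST is what lets a low-privileged user create the admin account in the first place.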