Unrated severityNVD Advisory· Published Aug 3, 2021· Updated Aug 4, 2024
CVE-2021-36622
CVE-2021-36622
Description
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sourcecodester/Online Covid Vaccination Scheduler Systemdescription
- Range: 1.0
Patches
Vulnerability mechanics
References
1- www.exploit-db.com/exploits/50114mitreexploitx_refsource_EXPLOIT-DB
News mentions
0No linked articles in our index yet.