QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-36622

Back to search

CVE-2021-36622

Published: Aug 3, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.

VendorProductVersions

n/a

n/a

affected
n/a

References

Exploit Database
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now