8.8
CVE-2023-24610
- EPSS 2.12%
- Veröffentlicht 01.02.2023 14:15:09
- Zuletzt bearbeitet 27.03.2025 15:15:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginNOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nosh Chartingsystem Project ≫ Nosh Chartingsystem Version2021-03-13
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.12% | 0.795 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/shihjay2/docker-nosh
https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
https://noshemr.wordpress.com
https://gist.github.com/abbisQQ/d8392acf7e02003e73af973cc9f5f54a