Share
## https://sploitus.com/exploit?id=4BB3309C-617D-50B0-B4FB-06876790970C
# CVE-2022-40471 โ€“ CPMS Authenticated File Upload RCE

## ๐Ÿ“Œ Overview
**CVE-2022-40471** is an authenticated Remote Code Execution vulnerability affecting  
**Clinic's Patient Management System (CPMS)**.

The vulnerability exists due to **insufficient validation of uploaded files** in the
user profile image upload functionality, allowing an authenticated attacker to upload
and execute arbitrary PHP code.

---

## ๐Ÿง  Vulnerability Details

- **Product:** Clinic's Patient Management System (CPMS)
- **Vulnerability Type:** Authenticated File Upload โ†’ Remote Code Execution
- **CVE ID:** CVE-2022-40471
- **Attack Vector:** Web
- **Authentication Required:** Yes
- **Impact:** Full remote command execution

---

## โš™๏ธ Exploitation Flow

1. Authenticate using valid CPMS credentials
2. Upload a malicious PHP file via the profile image upload feature
3. Access the uploaded PHP shell to execute OS commands

---

## ๐Ÿš€ Usage

### Requirements
- Python 3.x
- `requests` library

```bash
pip install requests