Share
## https://sploitus.com/exploit?id=4BB3309C-617D-50B0-B4FB-06876790970C
# CVE-2022-40471 โ CPMS Authenticated File Upload RCE
## ๐ Overview
**CVE-2022-40471** is an authenticated Remote Code Execution vulnerability affecting
**Clinic's Patient Management System (CPMS)**.
The vulnerability exists due to **insufficient validation of uploaded files** in the
user profile image upload functionality, allowing an authenticated attacker to upload
and execute arbitrary PHP code.
---
## ๐ง Vulnerability Details
- **Product:** Clinic's Patient Management System (CPMS)
- **Vulnerability Type:** Authenticated File Upload โ Remote Code Execution
- **CVE ID:** CVE-2022-40471
- **Attack Vector:** Web
- **Authentication Required:** Yes
- **Impact:** Full remote command execution
---
## โ๏ธ Exploitation Flow
1. Authenticate using valid CPMS credentials
2. Upload a malicious PHP file via the profile image upload feature
3. Access the uploaded PHP shell to execute OS commands
---
## ๐ Usage
### Requirements
- Python 3.x
- `requests` library
```bash
pip install requests