1. Home
  2. CVE Database
  3. CVE-2021-36622
CRITICAL · 9.8

CVE-2021-36622

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/sch...

Vulnerability Description

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Online Covid Vaccination Scheduler System ProjectOnline Covid Vaccination Scheduler System1.0

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2021-36622?

CVE-2021-36622 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/sch...

How severe is CVE-2021-36622?

CVE-2021-36622 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-36622?

Check the references section above for vendor advisories and patch information. Affected products include: Online Covid Vaccination Scheduler System Project Online Covid Vaccination Scheduler System.