CVE-2023-33480 — HIGH (8.8)

Vulnerability Description

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Remoteclinic	Remote Clinic	2.0

Related Weaknesses (CWE)

CWE-434

References

https://github.com/remoteclinic/RemoteClinic/issues/24ExploitIssue TrackingVendor Advisory
https://github.com/remoteclinic/RemoteClinic/issues/24ExploitIssue TrackingVendor Advisory

FAQ

What is CVE-2023-33480?

CVE-2023-33480 is a vulnerability with a CVSS score of 8.8 (HIGH). RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitra...

How severe is CVE-2023-33480?

CVE-2023-33480 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-33480?

Check the references section above for vendor advisories and patch information. Affected products include: Remoteclinic Remote Clinic.