CVE-2023-24610

EUVD-2023-28625
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Common Weakness Enumeration
References
https://gist.github.com/abbisQQ/d8392acf7e02003e73af973cc9f5f54a
https://github.com/shihjay2/docker-nosh
https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
https://noshemr.wordpress.com
https://gist.github.com/abbisQQ/d8392acf7e02003e73af973cc9f5f54a
https://github.com/shihjay2/docker-nosh
https://github.com/shihjay2/nosh2/tree/4a5cfdbd73f6a2ab5ee43a33d173c46fe0271533
https://noshemr.wordpress.com