CVE-2022-28568
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacke
CVSS
9.8
Critical
EPSS
3.0%
p86
KEV
—
Exploit Today
26
0-100
Published: May 4, 2022 · Last modified: Jul 9, 2026 · CWE-434
3.0%EPSS · 30 days4.1%
2026-06-302026-07-16
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-562909.8 CRI85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability9dCVE-2026-489089.8 CRI72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability9dCVE-2026-489399.8 CRI71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-562919.8 CRI53.6%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2023-388368.8 HIG99.3%
——30File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.8dCVE-2023-464747.2 HIG97.3%
——29File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.8d