Projectworlds Remote Clinic System
cpe:2.3:a:remoteclinic:remote_clinic:*:*:*:*:*:*:*
- 2.0
A critical vulnerability allowing unrestricted file uploads has been identified in RemoteClinic versions through 2.0. The issue resides in the file '/staff/edit-my-profile.php', where inadequate validation of the 'image' parameter permits attackers to upload arbitrary files, including malicious scripts. This vulnerability can be exploited remotely, without any authentication, potentially leading to unauthorized code execution on the server.
Exploitation of this vulnerability allows attackers to upload and execute malicious scripts on the server, gaining unauthorized access and control. This could result in the compromise of sensitive data, unauthorized operations, and disruption of services.
The vulnerability can be reproduced by sending a POST request to '/staff/edit-my-profile.php' with the 'image' parameter. The request must include a file named 'shell.php' containing a PHP payload that exploits the vulnerability by executing code on the server.
No specific mitigation measures are known for this vulnerability.