{"api_version":"1","generated_at":"2026-07-06T06:48:06+00:00","cve":"CVE-2022-28568","urls":{"html":"https://cve.report/CVE-2022-28568","api":"https://cve.report/api/cve/CVE-2022-28568.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-28568","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-28568"},"summary":{"title":"CVE-2022-28568","description":"Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.","state":"PUBLISHED","assigner":"mitre","published_at":"2022-05-04 15:15:13","updated_at":"2026-07-05 16:17:15"},"problem_types":["CWE-434","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://doctors.com","name":"http://doctors.com","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"doctors.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568","name":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"],"title":"CVE/CVE-2022-28568 at main · b3nj1-1/CVE · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://sourcecodetester.com","name":"http://sourcecodetester.com","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"sourcecodetester.com - Registered at Namecheap.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-28568","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28568","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"28568","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"simple_doctor\\'s_appointment_system_project","cpe5":"simple_doctor\\'s_appointment_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"28568","cve":"CVE-2022-28568","epss":"0.040640000","percentile":"0.894370000","score_date":"2026-07-05","updated_at":"2026-07-06 00:01:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T05:56:15.718Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://sourcecodetester.com"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://doctors.com"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-07-05T15:48:33.697Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-28568","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://sourcecodetester.com","refsource":"MISC","url":"http://sourcecodetester.com"},{"name":"http://doctors.com","refsource":"MISC","url":"http://doctors.com"},{"name":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568","refsource":"MISC","url":"https://github.com/b3nj1-1/CVE/tree/main/CVE-2022-28568"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2022-28568","datePublished":"2022-05-04T14:32:16.000Z","dateReserved":"2022-04-04T00:00:00.000Z","dateUpdated":"2026-07-05T15:48:33.697Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2022-05-04 15:15:13","lastModifiedDate":"2026-07-05 16:17:15","problem_types":["CWE-434","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simple_doctor\\'s_appointment_system_project:simple_doctor\\'s_appointment_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"F65D2B9D-EADD-4795-99EA-B9E5D76A3A9F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"28568","Ordinal":"1","Title":"CVE-2022-28568","CVE":"CVE-2022-28568","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"28568","Ordinal":"1","NoteData":"Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.","Type":"Description","Title":"CVE-2022-28568"}]}}}