CVE-2022-40471

CRITICAL

Clinic's Patient Management System 1.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-40471. PoCs published by RashidKhanPathan, Dharan10, msutovsky-r7, Ashish Kumar, including Metasploit module exploits/multi/http/clinic_pms_sqli_to_rce.

AI-analyzed exploit summary This exploit PoC demonstrates a remote code execution vulnerability in Clinic's Patient Management System v1.0 via an unrestricted file upload flaw in the profile picture functionality. It uploads a PHP webshell to achieve command execution.

Description

Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php

Exploits (4)

nomisec WORKING POC 9 stars
by RashidKhanPathan · poc
https://github.com/RashidKhanPathan/CVE-2022-40471

This exploit PoC demonstrates a remote code execution vulnerability in Clinic's Patient Management System v1.0 via an unrestricted file upload flaw in the profile picture functionality. It uploads a PHP webshell to achieve command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Clinic's Patient Management System v1.0
Auth required
Prerequisites: Valid credentials for authentication · Access to the target's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Dharan10 · poc
https://github.com/Dharan10/CVE-2022-40471

This PoC demonstrates an authenticated file upload vulnerability in Clinic's Patient Management System (CPMS), allowing an attacker to upload a PHP web shell and execute arbitrary commands. The exploit authenticates using provided credentials and uploads a malicious PHP file via the profile image upload feature.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Clinic's Patient Management System (CPMS)
Auth required
Prerequisites: Valid CPMS credentials · Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by msutovsky-r7, Ashish Kumar · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb

This Metasploit module exploits an SQL injection vulnerability in Clinic's Patient Management System 1.0 to achieve unauthenticated remote code execution (RCE) by uploading a malicious PHP file through user modification.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Clinic's Patient Management System 1.0
No auth needed
Prerequisites: Target must be running Clinic's Patient Management System 1.0 · Target must be accessible via HTTP
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Aaryan Golatkar, Oğulcan Hami Gül · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/clinic_pms_fileupload_rce.rb

This Metasploit module exploits an unauthenticated file upload vulnerability in Clinic's Patient Management System 1.0, allowing an attacker to upload a PHP web shell and execute it via directory listing in `/pms/user_images`.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Clinic's Patient Management System 1.0
No auth needed
Prerequisites: Target must have directory listing enabled on `/pms/user_images` · PHPSESSID must be retrievable from the server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.1937
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
oretnom23/clinic\'s_patient_management_system 1.0
Published Oct 31, 2022
Tracked Since Feb 18, 2026