Skip to main content

Hospital Management System CVE-2025-47663

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2025-05-23 audit@patchstack.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Updated
Apr 28, 2026 - 20:06 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
Analysis Generated
Mar 28, 2026 - 18:43 vuln.today
CVE Published
May 23, 2025 - 13:15 nvd
CRITICAL 9.9

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11.

AnalysisAI

Authenticated remote attackers can upload malicious PHP web shells to mojoomla Hospital Management System versions 47.0(20) through 11, achieving remote code execution with server privileges. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C) reflects network-based exploitation requiring only low-privileged authentication, with scope change indicating potential container/hosting escape. EPSS score of 0.32% (55th percentile) suggests low probability of mass exploitation despite critical severity. Patchstack reported this CWE-434 file upload vulnerability, with exploit scenario involving authenticated upload of PHP backdoor to achieve persistent server compromise.

Technical ContextAI

This vulnerability represents a classic CWE-434 (Unrestricted Upload of File with Dangerous Type) implementation flaw in the mojoomla Hospital Management System WordPress plugin. The application fails to implement proper file type validation, MIME type verification, and extension allowlisting on user-supplied file uploads. In WordPress plugin architectures, file upload handlers typically process medical records, patient documents, or administrative files. When input validation is absent or bypassable, attackers can upload executable PHP files that the web server processes as code rather than static content. The changed scope (S:C) in the CVSS vector indicates the vulnerable component (WordPress plugin) operates in a different security context than the impacted resource, suggesting the uploaded shell can affect the underlying web server, database, or hosting infrastructure beyond the plugin's intended sandbox.

Affected ProductsAI

The vulnerability affects mojoomla Hospital Management System WordPress plugin versions 47.0(20) through 11. The version numbering appears inconsistent in available data, suggesting either a reporting error or non-standard versioning scheme by the vendor. Based on Patchstack references, this targets the WordPress ecosystem plugin identified as 'hospital-management' in the WordPress plugin directory. Organizations should verify their installed version against the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-arbitrary-file-upload-vulnerability-2 for precise version identification and affected release confirmation.

RemediationAI

Healthcare organizations should immediately verify if mojoomla Hospital Management System plugin is installed and check version against affected range (47.0(20) through 11). Consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-arbitrary-file-upload-vulnerability-2 for vendor-confirmed patched version and upgrade path, though no explicit patched version number is provided in available intelligence. If no patch is released, implement compensating controls: restrict file upload functionality to only administrators (not low-privileged users like doctors or nurses) through WordPress role management, configure web server to block execution of PHP files in upload directories via .htaccess rules (AddHandler application/x-httpd-php-disabled .php) or nginx location blocks, implement application-layer web application firewall rules to inspect upload requests for executable content signatures, and audit existing upload directories for suspicious PHP/executable files uploaded since version 47.0(20) deployment. Note that restricting upload permissions will impact legitimate hospital workflow for document management. Monitor WordPress plugin repository and mojoomla vendor channels for official security updates before re-enabling broad upload access.

Share

CVE-2025-47663 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy