CVE-2026-6602
Unrestricted File Upload in rickxy Hospital Management System
Publication date: 2026-04-20
Last updated on: 2026-04-29
Assigner: VulDB
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the rickxy Hospital Management System in the file /backend/admin/his_admin_account.php. It involves the manipulation of the argument 'ad_dpic' which results in an unrestricted file upload. This means an attacker can remotely upload files without proper restrictions, potentially leading to unauthorized actions on the system.
How can this vulnerability impact me?
The vulnerability allows remote attackers to upload files without restriction. This can lead to unauthorized access, data manipulation, or execution of malicious code on the affected system. Such impacts can compromise the confidentiality, integrity, and availability of the hospital management system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to upload and execute malicious PHP scripts, leading to full system compromise and unauthorized access to sensitive patient medical data.
Such unauthorized access and potential leakage of sensitive health information directly impact compliance with regulations like GDPR and HIPAA, which mandate strict protection of personal and health data.
Failure to secure the system against this vulnerability could result in violations of these standards due to data breaches, unauthorized data processing, and lack of adequate security controls.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to upload a crafted PHP file via a multipart/form-data POST request to the endpoint /backend/admin/his_admin_account.php using the ad_dpic parameter. Successful upload and execution of a PHP script (e.g., a webshell) in the upload directory /backend/admin/assets/images/users/ indicates the presence of the vulnerability.
A proof of concept involves uploading a file named phptest.php containing PHP code such as <?php phpinfo(); ?> and then accessing it through the server URL to confirm remote code execution.
To detect exploitation attempts on your system or network, you can monitor HTTP POST requests to /backend/admin/his_admin_account.php with suspicious file uploads, especially those with PHP extensions or unusual MIME types.
- Use curl to test upload: curl -X POST -F "ad_dpic=@phptest.php" http://target/backend/admin/his_admin_account.php
- Check web server logs for POST requests to /backend/admin/his_admin_account.php with file uploads.
- Scan the upload directory /backend/admin/assets/images/users/ for unexpected PHP files.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing strict whitelist validation of file extensions, allowing only safe image formats such as .jpg, .png, .gif, and .jpeg.
Validate the actual file content and MIME type using PHP functions like getimagesize() or finfo_file() to ensure the uploaded file is a legitimate image.
Disable execution permissions for uploaded files in the upload directories by configuring the web server, for example using .htaccess for Apache or location blocks for Nginx.
Rename uploaded files with random names to prevent attackers from predicting file paths.
These steps are critical to prevent exploitation, protect system integrity, and safeguard sensitive data.
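One way to implement the mitigation steps above in a PHP upload handler, as an added example that is not rickxy HMS code; the directory constant, the function name and the size limit are assumptions chosen for this example:

```php
<?php
// Added example, not code from rickxy HMS: hardened handling of a profile-picture
// upload such as the ad_dpic field. UPLOAD_DIR and storeProfilePicture() are
// names chosen for this example.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/assets/images/users/'; // assumed layout
const MAX_BYTES  = 2 * 1024 * 1024;                    // assumed size limit

// Extension allow-list, each mapped to the MIME type finfo must report for it.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Validate one entry of $_FILES and store it under a random name.
// Returns the stored file name; throws on any validation failure.
function storeProfilePicture(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }

    // 1. Allow-list on the lower-cased final extension only.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content checks: magic bytes via finfo, plus a decodable image header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException("content is not a $ext image");
    }

    // 3. Server-chosen random name; the client's file name never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, not executable
    return $name;
}
// Usage in the form handler (ad_dpic is the field the advisory names):
// $stored = storeProfilePicture($_FILES['ad_dpic']);
```

A file that carries a valid image header followed by script content can still pass step 2, so the web-server rule from the list above (no script execution in the upload directory) remains necessary alongside these checks.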