CVE-2023-24610
Published
CVSS v3: 8.8 (HIGH)
CVSS v2: N/A
Affected: 2 projects
Description
NOSH 4a5cfdb allows remote authenticated users to execute arbitrary PHP code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting.
NOSH ChartingSystem is an electronic health record system designed exclusively for doctors and patients. This is a new mobile-friendly version that is now based on the Laravel PHP framework and jQuery. NOSH has FHIR, Bluebutton, ICD-10, GoodRX API, RXNorm API, Phaxio, and UMA support.