From 37eaa29df650ccee041ec7b66be8c98d1010cd08 Mon Sep 17 00:00:00 2001
From: jenkins-metasploit <jenkins-metasploit@build-production.r7ops.com>
Date: Wed, 18 Dec 2024 12:41:54 +0000
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 64 ++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 97be7c3ffb07..a761a934260f 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -58136,7 +58136,7 @@
       "https"
     ],
     "targets": null,
-    "mod_time": "2024-11-04 16:58:32 +0000",
+    "mod_time": "2024-12-17 14:27:41 +0000",
     "path": "/modules/auxiliary/scanner/teamcity/teamcity_login.rb",
     "is_install_path": true,
     "ref_name": "scanner/teamcity/teamcity_login",
@@ -102724,6 +102724,68 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/clinic_pms_fileupload_rce": {
+    "name": "Clinic's Patient Management System 1.0 - Unauthenticated RCE",
+    "fullname": "exploit/multi/http/clinic_pms_fileupload_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-10-31",
+    "type": "exploit",
+    "author": [
+      "Aaryan Golatkar",
+      "Oğulcan Hami Gül"
+    ],
+    "description": "This module exploits an unauthenticated file upload vulnerability in Clinic's\n          Patient Management System 1.0. An attacker can upload a PHP web shell and execute\n          it by leveraging directory listing enabled on the `/pms/user_images` directory.",
+    "references": [
+      "EDB-51779",
+      "CVE-2022-40471",
+      "URL-https://www.cve.org/CVERecord?id=CVE-2022-40471",
+      "URL-https://drive.google.com/file/d/1m-wTfOL5gY3huaSEM3YPSf98qIrkl-TW/view"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Clinic Patient Management System 1.0"
+    ],
+    "mod_time": "2024-12-17 21:39:30 +0000",
+    "path": "/modules/exploits/multi/http/clinic_pms_fileupload_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/clinic_pms_fileupload_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/clipbucket_fileupload_exec": {
     "name": "ClipBucket beats_uploader Unauthenticated Arbitrary File Upload",
     "fullname": "exploit/multi/http/clipbucket_fileupload_exec",