What the vulnerability does
01 Description
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows uploading a web shell to a web server. This issue affects Hospital Management System: from 47.0(20 through 11.
Explanation of Vulnerability in Simple Terms
02 Summary
The Hospital Management System Joomla extension allows authenticated users with low privileges to upload files without restriction. An attacker can upload malicious files to execute code on the site, modify data, or disrupt service. The impact extends beyond the component itself, potentially compromising the entire Joomla installation.
What an attacker can do
03 Attacker Capabilities
Upload malicious files and run code on the site, read sensitive data, or disable the site.
Potential impact on your site
04 Site Impact
Any low-privilege user can compromise your entire Joomla installation by uploading and executing malicious files.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the Joomla site.
Key dates
06 Disclosure timeline
May 23, 2025: CVE published
April 28, 2026: Record updated