automatic module_metadata_base.json update

Author: jenkins-metasploit

db/modules_metadata_base.json

@@ -95686,6 +95686,66 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/clinic_pms_sqli_to_rce": {
+    "name": "Clinic's Patient Management System 1.0 - Unauthenticated RCE",
+    "fullname": "exploit/multi/http/clinic_pms_sqli_to_rce",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-01-04",
+    "type": "exploit",
+    "author": [
+      "msutovsky-r7",
+      "Ashish Kumar"
+    ],
+    "description": "This module exploits an SQL injection in login portal, which allows to log in as admin. Next, it allows the attacker to upload malicious files through user modification to achieve RCE.",
+    "references": [
+      "CVE-2022-2297",
+      "CVE-2025-3096",
+      "URL-https://www.cve.org/CVERecord?id=CVE-2022-40471"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Clinic Patient Management System 2.0"
+    ],
+    "mod_time": "2025-05-21 09:05:41 +0000",
+    "path": "/modules/exploits/multi/http/clinic_pms_sqli_to_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/clinic_pms_sqli_to_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/clipbucket_fileupload_exec": {
     "name": "ClipBucket beats_uploader Unauthenticated Arbitrary File Upload",
     "fullname": "exploit/multi/http/clipbucket_fileupload_exec",