Описание
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-10572
- https://github.com/openemr/openemr/issues/1518
- https://github.com/openemr/openemr/pull/1519
- https://github.com/openemr/openemr/commit/699e3c2ef68545357cac714505df1419b8bf2051
- https://csticsfrontline.wordpress.com/2018/05/24/openemr-%E5%BC%B1%E9%BB%9E%E5%88%86%E6%9E%90
- https://www.open-emr.org/wiki/index.php/Release_Features#Version_5.0.1
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.