exploitDog

CVE-2011-5161

Опубликовано: 09 сент. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.

Комментарий

Per: http://cwe.mitre.org/data/definitions/434.html

'CWE-434: Unrestricted Upload of File with Dangerous Type'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-emr:openemr:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:open-emr:openemr:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:open-emr:openemr:4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02782

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-35cf-cqr4-fr2m

github

больше 3 лет назад

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.

EPSS

Процентиль: 86%

0.02782

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other