Описание
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
Ссылки
- ExploitPatch
- Vendor Advisory
- Patch
- Exploit
- ExploitPatch
- ExploitPatch
- Vendor Advisory
- Patch
- Exploit
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.42836
Средний
3.5 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
EPSS
Процентиль: 97%
0.42836
Средний
3.5 Low
CVSS2
Дефекты
CWE-22