exploitDog

CVE-2018-1000648

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

Ссылки

https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/
Exploit
Third Party Advisory
https://github.com/LibreHealthIO/lh-ehr/issues/1213
Exploit
Third Party Advisory
https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/
Exploit
Third Party Advisory
https://github.com/LibreHealthIO/lh-ehr/issues/1213
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02094

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-34h5-8gf3-x5q5

CVSS3: 8.8

github

больше 3 лет назад

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

EPSS

Процентиль: 84%

0.02094

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269