CVE-2018-15141

Опубликовано: 13 авг. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 5.5

EPSS Низкий

Описание

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.

Ссылки

https://github.com/openemr/openemr/pull/1765/files
Patch
Third Party Advisory
https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/
Third Party Advisory
https://www.exploit-db.com/exploits/45202/
Exploit
Third Party Advisory
VDB Entry
https://github.com/openemr/openemr/pull/1765/files
Patch
Third Party Advisory
https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/
Third Party Advisory
https://www.exploit-db.com/exploits/45202/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*

Версия до 5.0.1.4 (исключая)

EPSS

Процентиль: 75%

0.00861

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gvvw-2fw3-q5rv