Описание
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
Ссылки
- ExploitThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitThird Party Advisory
- PatchRelease NotesVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.88534
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
EPSS
Процентиль: 99%
0.88534
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78