LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
References
Link | Resource |
---|---|
https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/ | Exploit Third Party Advisory |
https://github.com/LibreHealthIO/lh-ehr/issues/1213 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-08-20 19:31
Updated : 2024-02-04 20:03
NVD link : CVE-2018-1000648
Mitre link : CVE-2018-1000648
CVE.ORG link : CVE-2018-1000648
JSON object : View
Products Affected
librehealth
- librehealth_ehr
CWE
CWE-269
Improper Privilege Management