CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-20 19:31

Updated : 2024-02-04 20:03


NVD link : CVE-2018-1000648

Mitre link : CVE-2018-1000648

CVE.ORG link : CVE-2018-1000648


JSON object : View

Products Affected

librehealth

  • librehealth_ehr
CWE
CWE-269

Improper Privilege Management