Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
| Vulnerable Product |
|---|
| open-emr openemr 4.0.0 |
| open-emr openemr 4.1.1 |
| open-emr openemr 4.1.0 |
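
A name with an executable extension followed by a safe one, as in the description above, passes any check that reads only the final extension. The PHP below is an added example, not OpenEMR code: it contrasts that check with a stricter name check and a server-generated stored name. The function names and the extension allow-list are assumptions.

```php
<?php
// Added example: not OpenEMR code. Function names and the allow-list are assumptions.

const SAFE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

// Check that inspects only the text after the last dot.
// A name with an executable extension followed by a safe one passes it.
function lastExtensionIsSafe(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, SAFE_EXTENSIONS, true);
}

// Stricter check: the base name must be exactly "<stem>.<safe extension>".
// Any additional dotted segment is refused, whatever it contains.
function hasSingleSafeExtension(string $clientName): bool
{
    $parts = explode('.', strtolower(basename($clientName)));
    return count($parts) === 2
        && $parts[0] !== ''
        && in_array($parts[1], SAFE_EXTENSIONS, true);
}

// Name actually written to disk: generated on the server, so no segment
// of the client-supplied name reaches the documents directory.
function storedName(string $clientName): ?string
{
    if (!hasSingleSafeExtension($clientName)) {
        return null;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
foreach (['photo.jpg', 'photo.php.jpg', 'photo.PHP.Png', '.jpg', 'photo.php'] as $name) {
    printf(
        "%-14s last-ext-only=%-5s strict=%-5s stored=%s\n",
        $name,
        var_export(lastExtensionIsSafe($name), true),
        var_export(hasSingleSafeExtension($name), true),
        storedName($name) ?? '(rejected)'
    );
}
```

Name checks do not inspect file content; serving the upload directory with script execution disabled remains a separate control.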