interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
source: wwwsecurityfocuscom/bid/51788/info
OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input
A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially ...