CVE-2018-15139

Published: 13/08/2018 Updated: 10/02/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.

Vulnerable Product

open-emr openemr

Exploits

OpenEMR version 5.0.1.3 authenticated remote shell upload exploit that leverages a vulnerability discovered in 2018 ...

Github Repositories

OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution

OpenEMR CVE-2018-15139 exploit
OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution
Exploit for CVE-2018-15139
Usage
$ ruby exploit.rb -h
OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution
Source: github.com/sec-it/exploit-CVE-2019-14530
Usage: exploit.rb exploit <url> <filename