Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr |