CVE-2018-15142

Published: 13/08/2018 Updated: 10/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.

Vulnerable Product

open-emr openemr

Exploits

# Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions
# Date: 2018-08-14
# Exploit Author: Joshua Fam
# Twitter : @Insecurity
# Vendor Homepage: www.open-emr.org/
# Software Link: github.com/openemr/openemr/archive/v5_0_1_3.tar.gz
# Version: < 5.0.1.3
# Tested on: Ubuntu LAMP, OpenEMR Version 5.0.1.3
# CVE : CVE-2018-15142
...
OpenEMR version 5.0.1.3 suffers from arbitrary file read, write, and delete vulnerabilities ...

Github Repositories

OpenEMR <= 5.0.1 - (Authenticated) Remote Code Execution

OpenEMR RCE exploit / PoC
OpenEMR <= 5.0.1.4 - (Authenticated) Remote Code Execution
Exploit for CVE-2018-15142 [EDB-49486] [PacketStorm] [WLB-2020080011]
Usage
$ ruby exploit.rb --help
OpenEMR <= 5.0.1.4 - (Authenticated) Remote Code Execution
Usage: exploit.rb manual --root-url <url> --shell <filename> --user <username