CVE-2019-14530

Published: 13/08/2019 Updated: 10/02/2022
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 535
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An authenticated attacker can download any file from server storage that is readable by the www-data user. If the requested file is also writable by the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file is deleted from the server after download.

Vulnerable Products

open-emr openemr

Exploits

OpenEMR version 5.0.1.7 path traversal exploit ...
OpenEMR version 5.0.1.3 authenticated remote shell upload exploit that leverages a vulnerability discovered in 2018 ...
OpenEMR version 5.0.1.7 suffers from a path traversal vulnerability ...

Github Repositories

OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure

OpenEMR CVE-2019-14530 exploit. OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure. Exploit for CVE-2019-14530 [EDB-50087] [PacketStorm]. Usage: $ ruby exploit.rb -h. OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure. Source: github.com/sec-it/exploit-CVE-2019-14530 U

OpenEMR security issue

CVE-2019-14530: Path traversal and DoS vulnerability in the OpenEMR project. Vulnerable function in file: /openemr/custom/ajax_download.php. Conditions: any authorized user; for the DoS case, the directory "/sites/default/documents/cqm_qrda/" must exist on the server (due to the logic of the "unlink()" function, the path to the file must consist only of existing directories and the file in it).

OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution

OpenEMR CVE-2018-15139 exploit. OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution. Exploit for CVE-2018-15139. Usage: $ ruby exploit.rb -h. OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution. Source: github.com/sec-it/exploit-CVE-2019-14530. Usage: exploit.rb exploit <url> <filename