The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr 5.0.2.1 |