Lucene search

CVE-2018-15141

🗓️ 13 Aug 2018 18:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Directory traversal in OpenEMR allows remote attacker to delete files via "docid" parameter

Reporter	Title	Published	Views	Family All 9
Prion	Directory traversal	13 Aug 201818:29	–	prion
OSV	CVE-2018-15141	13 Aug 201818:29	–	osv
NVD	CVE-2018-15141	13 Aug 201818:29	–	nvd
Cvelist	CVE-2018-15141	13 Aug 201818:00	–	cvelist
Packet Storm	OpenEMR 5.0.1.3 File Read / Write / Delete	16 Aug 201800:00	–	packetstorm
Exploit DB	OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions	16 Aug 201800:00	–	exploitdb
exploitpack	OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions	16 Aug 201800:00	–	exploitpack
0day.today	OpenEMR 5.0.1.3 - Arbitrary File Actions Vulnerability	16 Aug 201800:00	–	zdt
OpenVAS	OpenEMR < 5.0.1.4 Multiple Vulnerabilities	14 Aug 201800:00	–	openvas

Nvd

Node

open-emr openemrRange<5.0.1.4

Source	Link
github	www.github.com/openemr/openemr/pull/1765/files
exploit-db	www.exploit-db.com/exploits/45202/
databreaches	www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/

Parameter	Position	Path	Description	CWE
mode	request body	/openemr/portal/import_template.php	Directory traversal vulnerability allowing arbitrary file actions based on 'mode' parameter.	CWE-22
docid	request body	/openemr/portal/import_template.php	Directory traversal vulnerability allowing arbitrary file actions based on 'mode' parameter.	CWE-22
mode	request body	/openemr/portal/import_template.php	Arbitrary file write vulnerability allowing attackers to write to arbitrary files.	CWE-22
docid	request body	/openemr/portal/import_template.php	Arbitrary file write vulnerability allowing attackers to write to arbitrary files.	CWE-22
content	request body	/openemr/portal/import_template.php	Arbitrary file write vulnerability allowing attackers to write to arbitrary files.	CWE-22
mode	request body	/openemr/portal/import_template.php	Arbitrary file delete vulnerability allowing attackers to delete arbitrary files.	CWE-22
docid	request body	/openemr/portal/import_template.php	Arbitrary file delete vulnerability allowing attackers to delete arbitrary files.	CWE-22

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Aug 2018 18:29Current

7.2High risk

Vulners AI Score7.2

CVSS25.5

CVSS36.5

EPSS0.02155

CWE-22