CVE-2018-15142

2018-08-13T18:29:00
ID CVE-2018-15142
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T18:21:00

Description

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.