An issue in custom/ajax_download.php allows unauthorized file downloads and potential deletion in OpenEMR before 5.0.2
Title | Published | Family |
---|---|---|
Exploit for Path Traversal in Open-Emr Openemr | 30 Jun 2021 08:59 | githubexploit |
Exploit for Path Traversal in Open-Emr Openemr | 13 Aug 2019 01:33 | githubexploit |
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) (2) | 5 Jul 2021 00:00 | exploitdb |
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) | 21 Jun 2021 00:00 | exploitdb |
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2) | 13 Jul 2021 00:00 | exploitdb |
CVE-2019-14530 | 13 Aug 2019 00:00 | attackerkb |
OpenEMR 5.0.1.7 Path Traversal | 18 Jun 2021 00:00 | packetstorm |
OpenEMR 5.0.1.7 Path Traversal | 5 Jul 2021 00:00 | packetstorm |
OpenEMR 5.0.1.3 Shell Upload | 13 Jul 2021 00:00 | packetstorm |
CVE-2019-14530 | 13 Aug 2019 14:15 | osv |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
fileName | query param | /custom/ajax_download.php | Path traversal vulnerability allows an attacker to read any file readable by the www-data user from server storage. | CWE-22 |