6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.6%
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the “docid” parameter when the mode is set to delete.