Lucene search

K

MitreCVELIST:CVE-2020-24621

HistorySep 25, 2020 - 3:40 a.m.

CVE-2020-24621

2020-09-2503:40:21

mitre

www.cve.org

8.9 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.

References

github.com/openmrs/openmrs-module-htmlformentry/pull/178

github.com/openmrs/openmrs-module-uiframework/pull/59

issues.openmrs.org/browse/HTML-730

www.contrastsecurity.com/security-influencers

www.contrastsecurity.com/security-influencers/authenticated-remote-code-execution-openmrs

8.9 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

Related for CVELIST:CVE-2020-24621

osv1 nvd1 prion1 cve1