CVE-2020-24621

2020-09-2504:23:04

Google

osv.dev

7.6 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.

CPENameOperatorVersion
openmrs-module-htmlformentryeqopenmrs-1.7.x
openmrs-module-htmlformentryeq2.3
openmrs-module-htmlformentryeqhtmlformentry-2.4
openmrs-module-htmlformentryeq2.6
openmrs-module-htmlformentryeq3.7.0
openmrs-module-htmlformentryeqopenmrs-1.6.x
openmrs-module-htmlformentryeq1.8.1
openmrs-module-htmlformentryeq2.1.4.1
openmrs-module-htmlformentryeq1.9.1
openmrs-module-htmlformentryeq2.0

Name	Operator	Version
openmrs-module-htmlformentry	eq	openmrs-1.7.x
openmrs-module-htmlformentry	eq	2.3
openmrs-module-htmlformentry	eq	htmlformentry-2.4
openmrs-module-htmlformentry	eq	2.6
openmrs-module-htmlformentry	eq	3.7.0
openmrs-module-htmlformentry	eq	openmrs-1.6.x
openmrs-module-htmlformentry	eq	1.8.1
openmrs-module-htmlformentry	eq	2.1.4.1
openmrs-module-htmlformentry	eq	1.9.1
openmrs-module-htmlformentry	eq	2.0