OpenEMR - Arbitrary '.PHP' File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR PHP File...

OpenEMR PHP File Upload Vulnerability

This module exploits a vulnerability found in OpenEMR 4.1.1 By abusing the ofcuploadimage.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been test...