2 matches found
CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...
GHSA-XJ4F-8JJG-VX4Q OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange
Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...