CVE-2018-15156
OpenEMR prior to 5.0.1.4 is affected by an OS command injection in interface/fax/faxq.php. An authenticated remote attacker can modify the hylafax_server global in interface/super/edit_globals.php and craft a request to execute arbitrary commands. Exploitation details are documented across multip...