Lucene search
K

6 matches found

NVD
NVD
added 2026/03/03 10:16 p.m.7 views

CVE-2026-24848

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...

9.9CVSS0.06831EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 10:4 p.m.5 views

CVE-2026-24848 OpenEMR Arbitrary File Write leading to Remote Code Execution

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...

8.7CVSS6AI score0.06831EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.5 views

CVE-2026-24849

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user regardless of...

9.9CVSS5.7AI score0.02164EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/02/25 1:44 a.m.4 views

CVE-2026-24849 OpenEMR Arbitrary File Read Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user regardless of...

9.9CVSS5.7AI score0.02164EPSS
Exploits5References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 1:44 a.m.6 views

CVE-2026-24849

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user regardless of...

9.9CVSS5.7AI score0.02164EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2026/02/25 1:44 a.m.34 views

CVE-2026-24849

OpenEMR vulnerability CVE-2026-24849 affects the EtherFaxActions.php disposeDocument() path, allowing any authenticated user to read arbitrary files on the server filesystem. The root cause is improper access control in the disposeDocument() method, enabling high confidentiality/integriity/availa...

9.9CVSS5.7AI score0.02164EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder