CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 6:48 a.m.•3 views

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

8.8CVSS7.6AI score0.02418EPSS

RedhatCVE•added 2025/05/22 2:35 a.m.•4 views

CVE-2018-1000839

LH-EHR version REL-200 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type...

8.8CVSS7.4AI score0.03837EPSS

NVD•added 2018/12/20 3:29 p.m.•8 views

CVE-2018-1000839

8.8CVSS8.9AI score0.03837EPSS

OSV•added 2018/12/20 3:29 p.m.•9 views

CVE-2018-1000839

8.8CVSS7.3AI score

Cvelist•added 2018/12/20 3:0 p.m.•11 views

CVE-2018-1000839

8.9AI score0.03837EPSS

CVE•added 2018/12/20 3:0 p.m.•31 views

CVE-2018-1000839

The CVE-2018-1000839 entry concerns LH-EHR REL-2_0_0, which has an Arbitrary File Upload flaw in the Profile picture upload feature that can lead to Remote Code Execution. The exploit path is described as uploading a PHP file with an image MIME type, enabling code execution on the server. Public ...

8.8CVSS8.8AI score0.03837EPSS

Exploits1References2Affected Software1

CNVD•added 2018/08/22 12:0 a.m.•2 views

Arbitrary File Deletion Vulnerability in LibreHealthIO LH-EHR

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file deletion vulnerability exists in the export template in the LibreHealthIO LH-EHR REL-2.0.0 release. An attacker can exploit this vulnerability to cause a denial of servic...

7.1CVSS6.9AI score0.00953EPSS

CNVD•added 2018/08/22 12:0 a.m.•0 views

Arbitrary File Write Vulnerability in LibreHealthIO LH-EHR

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the export template in the LibreHealthIO LH-HER REL-2.0.0 release. An attacker can exploit this vulnerability to write files with malicious...

8.8CVSS8.9AI score0.02418EPSS

NVD•added 2018/08/20 7:31 p.m.•11 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

8.8CVSS9AI score0.00232EPSS

OSV•added 2018/08/20 7:31 p.m.•16 views

CVE-2018-1000650

8.8CVSS7.9AI score

OSV•added 2018/08/20 7:31 p.m.•10 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

8.8CVSS7.7AI score

NVD•added 2018/08/20 7:31 p.m.•7 views

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...

7.1CVSS6.8AI score0.00953EPSS

OSV•added 2018/08/20 7:31 p.m.•13 views

CVE-2018-1000647

7.1CVSS6.8AI score

NVD•added 2018/08/20 7:31 p.m.•10 views

CVE-2018-1000646

8.8CVSS9.1AI score0.02418EPSS

NVD•added 2018/08/20 7:31 p.m.•8 views

CVE-2018-1000645

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

6.5CVSS6.3AI score0.00403EPSS

OSV•added 2018/08/20 7:31 p.m.•17 views

CVE-2018-1000645

6.5CVSS6.4AI score