EUVD-2018-1980

Malware in sbrugna...

Arbitrary File Write Vulnerability in LibreHealthIO LH-EHR

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the export template in the LibreHealthIO LH-HER REL-2.0.0 release. An attacker can exploit this vulnerability to write files with malicious...

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

Sql injection

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters...

Unrestricted file upload

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

Design/Logic Flaw

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

Arbitrary file deletion

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter...

Unrestricted file upload

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

CVE-2018-1000648

Summary: CVE-2018-1000648 affects LibreHealthIO lh-ehr REL-2.0.0. The vulnerability is an Authenticated Unrestricted File Write in the patient letter/file handling logic, where user-controlled parameters can cause files to be written with malicious content, potentially enabling remote code execut...

CVE-2018-1000647

The CVE-2018-1000647 entry concerns LibreHealthIO LH-EHR REL-2.0.0, where the Import template exposes an Authenticated Unrestricted File Deletion vulnerability that can cause Denial of Service. The vulnerability is exploitable via a user-controlled parameter, with CVSS metrics indicating Network ...

CVE-2018-1000649

LibreHealthIO LH-EHR REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in letter.php (2) within the Patient file letter functions. The issue allows writing files with malicious content via user-controlled input, potentially enabling remote code execution. This entry is cor...

CVE-2018-1000646

Technical details about CVE-2018-1000646 are not publicly provided in the connected documents; monitor for updates.

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...