Lucene search

K
LibrehealthLibrehealth Ehr

7 matches found

CVE
CVE
added 2018/08/20 7:31 p.m.33 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User control...

8.8CVSS8.9AI score0.02094EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.33 views

CVE-2018-1000650

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.

8.8CVSS8.9AI score0.00244EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.32 views

CVE-2018-1000645

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import...

6.5CVSS6.2AI score0.00425EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.32 views

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.

8.8CVSS9AI score0.02544EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.32 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

8.8CVSS8.9AI score0.02094EPSS
CVE
CVE
added 2018/08/20 7:31 p.m.30 views

CVE-2018-1000647

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

7.1CVSS6.8AI score0.00953EPSS
CVE
CVE
added 2018/12/20 3:29 p.m.26 views

CVE-2018-1000839

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.

8.8CVSS8.8AI score0.02544EPSS