LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T16:59:00.262Z
Reserved: 2018-08-20T00:00:00Z
Link: CVE-2018-1000649

No data.

Status : Modified
Published: 2018-08-20T19:31:43.043
Modified: 2024-11-21T03:40:19.430
Link: CVE-2018-1000649

No data.

No data.