Openemr · Openemr · CVE-2018-15142
**Name of the Vulnerable Software and Affected Versions**
OpenEMR versions prior to 5.0.1.4
**Description**
A directory traversal in `portal/import_template.php` allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code. The attacker writes a file with a PHP extension via the `docid` and `content` parameters, then accesses it in the traversed directory.
**Recommendations**
Update to version 5.0.1.4 or later to resolve the issue. As a temporary workaround for earlier versions, consider restricting access to `portal/import_template.php` and limiting the ability to write files with PHP extensions via the `docid` and `content` parameters.
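
One way to enforce the restriction on `docid` described in the workaround, as an added example that is not OpenEMR's code or its actual fix. The function name `resolveTemplatePath`, the extension allow-list and the demo directory are assumptions made for illustration.

```php
<?php
// Added illustration, not OpenEMR code. The function name, the extension
// allow-list and the demo directory are assumptions made for this example.
declare(strict_types=1);

const ALLOWED_EXTENSIONS = ['tpl', 'txt']; // assumed; nothing the web server executes

/** Map a client-supplied docid to a path inside $baseDir, or throw. */
function resolveTemplatePath(string $baseDir, string $docid): string
{
    // Allow-list a plain file name: no separators, NUL bytes or leading dot,
    // so "../" sequences cannot appear at all.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,127}\z/', $docid)) {
        throw new InvalidArgumentException('docid is not a plain file name');
    }
    // Exactly one dot, so "name.php.txt" style double extensions are refused.
    $ext = strtolower(pathinfo($docid, PATHINFO_EXTENSION));
    if (substr_count($docid, '.') !== 1 || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('template directory missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $docid;
    // Refuse to write through an existing symlink that points elsewhere.
    if (is_link($target)) {
        throw new RuntimeException('target is a symlink');
    }
    return $target;
}

// Constructed sample inputs for the demo below.
$demoDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo';
if (!is_dir($demoDir)) {
    mkdir($demoDir, 0700);
}
foreach (['welcome.tpl', '../outside.tpl', 'notes.php', 'notes.php.txt', '.htaccess'] as $docid) {
    try {
        $path = resolveTemplatePath($demoDir, $docid);
        file_put_contents($path, "constructed content\n", LOCK_EX);
        echo "accepted: $docid\n";
    } catch (Exception $e) {
        echo "rejected: $docid ({$e->getMessage()})\n";
    }
}
```

Only `welcome.tpl` is written; the other four names are rejected before any file system write takes place.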