CVE-2018-15140

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 5.0.1.4

Description The issue allows a remote attacker authenticated in the patient portal to read arbitrary files. This is achieved via the docid parameter when the mode is set to get in the /portal/import template.php endpoint.

Recommendations For versions prior to 5.0.1.4, update to version 5.0.1.4 or later to resolve the issue.