PT-2018-9499 · Librehealthio · Librehealthio Lh-Ehr

Prodigysml

Publicado

2018-08-20

Atualizado

2018-10-16

CVE-2018-1000646

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreHealthIO LH-EHR version REL-2.0.0

Description The issue concerns an Authenticated Unrestricted File Write vulnerability in the Import template, which can lead to writing files with malicious content and potentially result in remote code execution.

Recommendations For LibreHealthIO LH-EHR version REL-2.0.0, consider restricting access to the Import template feature until a fix is available to prevent potential exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2018-1000646

Produtos afetados

Librehealthio Lh-Ehr

PT-2018-9499 · Librehealthio · Librehealthio Lh-Ehr

CVE-2018-1000646

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4