Openemr · Openemr · CVE-2017-12064
**Name of the Vulnerable Software and Affected Versions**
OpenEMR versions 5.0.0 and prior
**Description**
The issue allows attackers to bypass intended access restrictions. This is achieved via a crafted name in the `csv log html` function, located in the `library/edihistory/edih csv inc.php` file.
**Recommendations**
For OpenEMR versions 5.0.0 and prior, consider restricting access to the `csv log html` function until a patch is available. As a temporary workaround, avoid using crafted names that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.