CVE-2018-15142

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 5.0.1.4

Description The issue allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code. This is achieved by writing a file with a PHP extension via the docid and content parameters and accessing it in the traversed directory. The attacker can exploit this by using directory traversal techniques in the portal/import template.php file.

Recommendations For versions prior to 5.0.1.4, update to version 5.0.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the portal/import template.php file and limiting the ability to write files with PHP extensions via the docid and content parameters.