PT-2026-22834 · Openemr · Openemr

Tonghuaroot · Published 2026-03-03 · Updated 2026-03-04 · CVE-2026-24848

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.5

Description: OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.5 contain a flaw in the disposeDocument() method within the EtherFaxActions.php file. The flaw allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem, potentially leading to Remote Code Execution (RCE) through the upload of malicious PHP web shells.

Recommendations: Update OpenEMR to version 7.0.5 or later.

Exploit · Fix · RCE · Path traversal

Related Identifiers

CVE-2026-24848
GHSA-5VP5-4RM6-H4C9

Affected Products

Openemr