RSS   Podatności dla 'Librehealth ehr'   RSS

2020-07-15
 
CVE-2020-11439

CWE-20
 

 
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

 
 
CVE-2020-11438

CWE-352
 

 
LibreHealth EMR v2.0.0 is affected by systemic CSRF.

 
 
CVE-2020-11437

CWE-89
 

 
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.

 
 
CVE-2020-11436

CWE-79
 

 
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

 
2018-12-20
 
CVE-2018-1000839

CWE-434
 

 
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.

 
2018-08-20
 
CVE-2018-1000650

CWE-89
 

 
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.

 
 
CVE-2018-1000649

CWE-732
 

 
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.

 
 
CVE-2018-1000648

CWE-269
 

 
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.

 
 
CVE-2018-1000647

CWE-22
 

 
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

 
 
CVE-2018-1000646

CWE-434
 

 
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.

 


Copyright 2021, cxsecurity.com

 

Back to Top