CVE Vulnerabilities

CVE-2011-5161

Published: Sep 09, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.

Affected Software

Name Vendor Start Version End Version
Openemr Open-emr 4.0.0 (including) 4.0.0 (including)
Openemr Open-emr 4.1.0 (including) 4.1.0 (including)
Openemr Open-emr 4.1.1 (including) 4.1.1 (including)

References