Command Execution Vulnerability in OpenEMR 4.1.0 by OpenEMR
CVE-2012-0992

Currently unrated

Key Information:

Vendor

Openemr

Status
Openemr
Vendor
CVE Published:
7 February 2012

What is CVE-2012-0992?

A vulnerability in OpenEMR version 4.1.0 allows remote authenticated users to exploit the system by executing arbitrary commands. This is possible through the manipulation of the file parameter in the interface/fax/fax_dispatch.php script, where the presence of shell metacharacters can be leveraged to execute unauthorized commands. This vulnerability highlights the importance of input validation and the potential for serious security implications if exploited.

References

https://www.htbridge.ch/advisory/HTB23069
x_refsource_MISC
http://osvdb.org/78731
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/51788
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.