Malicious File Upload Vulnerability in OpenEMR Product by OpenEMR
CVE-2020-19364

8.8HIGH

Key Information:

Vendor: Open-emr
Status: Openemr
Vendor: CVE Published:; 20 January 2021

What is CVE-2020-19364?

OpenEMR version 5.0.1 is vulnerable to a malicious file upload issue, allowing authenticated attackers to upload and execute harmful PHP scripts through the /controller.php interface. This vulnerability can lead to unauthorized command execution on the server, potentially compromising the entire system. It's crucial for users to assess and remediate this security flaw promptly to safeguard their applications.

References

https://github.com/EmreOvunc/OpenEMR_Vulnerabilities

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-19364 Data

JSON

Open-emr

What is CVE-2020-19364?

References

CVSS V3.1

Timeline