Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenEMR Arbitrary File Write leading to Remote Code Execution
Vulnerability Description
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerability can be exploited to achieve Remote Code Execution (RCE) by uploading malicious PHP web shells.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
OpenEMR 路径遍历漏洞
Vulnerability Description
OpenEMR是OpenEMR社区的一套开源的医疗管理系统。该系统可用于医疗实践管理、电子医疗记录、处方书写和医疗帐单申请。 OpenEMR 7.0.4及之前版本存在路径遍历漏洞,该漏洞源于EtherFaxActions.php中的disposeDocument方法允许经过身份验证的用户向服务器文件系统的任意位置写入任意内容,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A