Vulnerability Details CVE-2017-9380
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/163087/OpenEMR-5.0.0-Remote-Shell-Upload.html
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-9380-Exploit
- https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-002
- http://packetstormsecurity.com/files/163087/OpenEMR-5.0.0-Remote-Shell-Upload.html
- https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-9380-Exploit
- https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-002
Products affected by CVE-2017-9380
-
cpe:2.3:a:open-emr:openemr:-
-
cpe:2.3:a:open-emr:openemr:2.0.1.2
-
cpe:2.3:a:open-emr:openemr:2.7
-
cpe:2.3:a:open-emr:openemr:2.7.1
-
cpe:2.3:a:open-emr:openemr:2.7.2
-
cpe:2.3:a:open-emr:openemr:2.7.3
-
cpe:2.3:a:open-emr:openemr:2.8.0
-
cpe:2.3:a:open-emr:openemr:2.8.1
-
cpe:2.3:a:open-emr:openemr:2.8.2
-
cpe:2.3:a:open-emr:openemr:2.8.3
-
cpe:2.3:a:open-emr:openemr:2.9.0
-
cpe:2.3:a:open-emr:openemr:3.0.0
-
cpe:2.3:a:open-emr:openemr:3.0.1
-
cpe:2.3:a:open-emr:openemr:3.1.0
-
cpe:2.3:a:open-emr:openemr:3.2.0
-
cpe:2.3:a:open-emr:openemr:4.0.0
-
cpe:2.3:a:open-emr:openemr:4.1.0
-
cpe:2.3:a:open-emr:openemr:4.1.1
-
cpe:2.3:a:open-emr:openemr:4.1.2
-
cpe:2.3:a:open-emr:openemr:4.1.2.3
-
cpe:2.3:a:open-emr:openemr:4.1.2.6
-
cpe:2.3:a:open-emr:openemr:4.1.2.7
-
cpe:2.3:a:open-emr:openemr:4.2.0
-
cpe:2.3:a:open-emr:openemr:4.2.0.3
-
cpe:2.3:a:open-emr:openemr:4.2.1
-
cpe:2.3:a:open-emr:openemr:4.2.2
-
cpe:2.3:a:open-emr:openemr:5.0.0