CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1000839

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/
https://github.com/LibreHealthIO/lh-ehr/issues/1223
https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/
https://github.com/LibreHealthIO/lh-ehr/issues/1223

Products affected by CVE-2018-1000839

Librehealth » Librehealth Ehr » Version: 2.0.0

cpe:2.3:a:librehealth:librehealth_ehr:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000839

Products

Pricing

Contact Us