Librehealth: >> Librehealth Ehr Security Vulnerabilities
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
CVSS Score
8.8
EPSS Score
0.025
Published
2020-09-01
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVSS Score
9.0
EPSS Score
0.007
Published
2020-07-15
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-07-15
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-07-15
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-07-15
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
CVSS Score
8.8
EPSS Score
0.025
Published
2018-12-20
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.
CVSS Score
8.8
EPSS Score
0.021
Published
2018-08-20
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-08-20
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
CVSS Score
8.8
EPSS Score
0.021
Published
2018-08-20
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
CVSS Score
8.8
EPSS Score
0.025
Published
2018-08-20