High severity8.8OSV Advisory· Published Dec 20, 2018· Updated Jun 17, 2026
CVE-2018-1000839
CVE-2018-1000839
Description
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2EventPlanning, INTERN, REL-2_0_0, …+ 1 more
- (no CPE)range: EventPlanning, INTERN, REL-2_0_0, …
- (no CPE)range: =REL-2_0_0
Patches
Vulnerability mechanics
References
2- 0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/nvdExploitThird Party Advisory
- github.com/LibreHealthIO/lh-ehr/issues/1223nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.