High severity8.8OSV Advisory· Published Aug 15, 2018· Updated Jun 17, 2026
CVE-2018-15153
CVE-2018-15153
Description
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
5- www.open-emr.org/wiki/index.php/OpenEMR_PatchesnvdPatchVendor Advisory
- www.exploit-db.com/exploits/45161/nvdExploitThird Party AdvisoryVDB Entry
- github.com/openemr/openemr/pull/1757nvdIssue TrackingThird Party Advisory
- insecurity.sh/reports/openemr.pdfnvdTechnical DescriptionThird Party Advisory
- www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.