Unrated severityNVD Advisory· Published Sep 25, 2020· Updated Aug 4, 2024
CVE-2020-24621
CVE-2020-24621
Description
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenMRS/htmlformentrydescription
- Range: <3.11.0
Patches
Vulnerability mechanics
References
5- github.com/openmrs/openmrs-module-htmlformentry/pull/178mitrex_refsource_MISC
- github.com/openmrs/openmrs-module-uiframework/pull/59mitrex_refsource_MISC
- issues.openmrs.org/browse/HTML-730mitrex_refsource_MISC
- www.contrastsecurity.com/security-influencersmitrex_refsource_MISC
- www.contrastsecurity.com/security-influencers/authenticated-remote-code-execution-openmrsmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.