Lh Ehr
by LibreHealth
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23829 | 0.00 | — | 0.02 | Sep 1, 2020 | interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | |||
| CVE-2018-1000839 | 0.00 | — | 0.04 | Dec 20, 2018 | LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type. | |||
| CVE-2018-1000648 | 0.00 | — | 0.02 | Aug 20, 2018 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User… | |||
| CVE-2018-1000645 | 0.00 | — | 0.00 | Aug 20, 2018 | LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled… | |||
| CVE-2018-1000649 | 0.00 | — | 0.02 | Aug 20, 2018 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be… | |||
| CVE-2018-1000647 | 0.00 | — | 0.01 | Aug 20, 2018 | LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter. | |||
| CVE-2018-1000646 | 0.00 | — | 0.02 | Aug 20, 2018 | LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | |||
| CVE-2018-1000650 | 0.00 | — | 0.00 | Aug 20, 2018 | LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters. |
- CVE-2020-23829Sep 1, 2020risk 0.00cvss —epss 0.02
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
- CVE-2018-1000839Dec 20, 2018risk 0.00cvss —epss 0.04
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
- CVE-2018-1000648Aug 20, 2018risk 0.00cvss —epss 0.02
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User…
- CVE-2018-1000645Aug 20, 2018risk 0.00cvss —epss 0.00
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled…
- CVE-2018-1000649Aug 20, 2018risk 0.00cvss —epss 0.02
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be…
- CVE-2018-1000647Aug 20, 2018risk 0.00cvss —epss 0.01
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.
- CVE-2018-1000646Aug 20, 2018risk 0.00cvss —epss 0.02
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
- CVE-2018-1000650Aug 20, 2018risk 0.00cvss —epss 0.00
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.