CVE-2018-1000646

Sažetak

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.

Reference

https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/
https://github.com/LibreHealthIO/lh-ehr/issues/1211

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 18:40

Objavljeno

20-08-2018 - 19:31