CVE-2020-36243

Sažetak

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.

Reference

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

01-06-2021 - 17:44

Objavljeno

07-02-2021 - 20:15