Vulnerabilities > Librehealth > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-09 | CVE-2022-31496 | Unspecified vulnerability in Librehealth EHR 2.0.0: LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. | 8.8 |
2022-05-05 | CVE-2022-29938 | SQL Injection vulnerability in Librehealth EHR 2.0.0: In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. | 8.8 |
2020-09-01 | CVE-2020-23829 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0: interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | 8.8 |
2020-07-15 | CVE-2020-11439 | Path Traversal vulnerability in Librehealth EHR 2.0.0: LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. | 8.8 |
2020-07-15 | CVE-2020-11438 | Cross-Site Request Forgery (CSRF) vulnerability in Librehealth EHR 2.0.0: LibreHealth EMR v2.0.0 is affected by systemic CSRF. | 8.8 |
2018-12-20 | CVE-2018-1000839 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0: LH-EHR version REL-2_0_0 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. | 8.8 |
2018-08-20 | CVE-2018-1000650 | SQL Injection vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in the ability to perform malicious database queries. | 8.8 |
2018-08-20 | CVE-2018-1000649 | Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 8.8 |
2018-08-20 | CVE-2018-1000648 | Improper Privilege Management vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 8.8 |
2018-08-20 | CVE-2018-1000647 | Improper Input Validation vulnerability in Librehealth EHR 2.0.0: LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. | 7.1 |