Vulnerabilities > Open EMR > Openemr > 5.0.1.2

DATE CVE VULNERABILITY TITLE RISK
2018-08-13 CVE-2018-15141 Path Traversal vulnerability in Open-Emr Openemr
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
network
low complexity
open-emr CWE-22
6.5
6.5
2018-08-13 CVE-2018-15140 Path Traversal vulnerability in Open-Emr Openemr
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
network
low complexity
open-emr CWE-22
6.5
6.5
2018-08-13 CVE-2018-15139 Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
network
low complexity
open-emr CWE-434
8.8
8.8