CVE-2018-1000839

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT

Description

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.

LibreHealthIO/lh-ehr
LibreHealthIO/lh-ehr
LibreHealth EHR - Free Open Source Electronic Health Records
GitHubGitHub
296