CVE-2018-15141
Published
CVSS v3
N/A
CVSS v2
5.5
MEDIUM
Affected
1
PROJECT
Description
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
The most popular open source electronic health records and medical practice management solution.
GitHub