boku7/LibreHealth-authRCE

Releases0

Stars13

LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted image.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-23829 ↗	Sep 1, 2020Tuesday, 1 September 2020, 17:15	8.8 HIGH	6.5 MEDIUM
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.