| Max CVSS | 6.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-15140 | 4.0 |
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
|
10-10-2018 - 18:23 | 13-08-2018 - 18:29 | |
| CVE-2018-15142 | 6.5 |
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" pa
|
10-10-2018 - 18:21 | 13-08-2018 - 18:29 | |
| CVE-2018-15141 | 5.5 |
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
|
10-10-2018 - 18:20 | 13-08-2018 - 18:29 |