Max CVSS 6.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-15140 4.0
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
10-10-2018 - 18:23 13-08-2018 - 18:29
CVE-2018-15142 6.5
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" pa
10-10-2018 - 18:21 13-08-2018 - 18:29
CVE-2018-15141 5.5
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
10-10-2018 - 18:20 13-08-2018 - 18:29
Back to Top Mark selected
Back to Top