CVE-2019-14530

EPSS 66.9%

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/sec-it/exploit-CVE-2019-14530★ 4 githubgithub.com/Wezery/CVE-2019-14530★ 0 cve_referencepacketstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.htmlunverified cve_referencepacketstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.htmlunverified exploitdbwww.exploit-db.com/exploits/50037unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.html http://packetstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.html https://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-14530-Exploit https://github.com/openemr/openemr/pull/2592 https://github.com/Wezery/CVE-2019-14530