← volver
CVE-2018-15154

CVE-2018-15154

EPSS 10.2%
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/openemr/openemr/pull/1757https://insecurity.sh/reports/openemr.pdfhttps://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/https://www.open-emr.org/wiki/index.php/OpenEMR_Patches