CVE-2018-1000649

moderate-risk
Published 2018-08-20

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.

Do I need to act?

~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Librehealth

References (4)

Exploit https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/
Exploit https://github.com/LibreHealthIO/lh-ehr/issues/1214
Exploit https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/
Exploit https://github.com/LibreHealthIO/lh-ehr/issues/1214
40
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal