CVE-2018-15141

Published: 2018-08-13T18:29Z

Last Modified: 2024-11-21T03:50Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt