Search criteria
22 vulnerabilities by librehealth
CVE-2022-31496 (GCVE-0-2022-31496)
Vulnerability from cvelistv5 – Published: 2022-06-08 23:53 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T23:53:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31496",
"datePublished": "2022-06-08T23:53:04.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31497 (GCVE-0-2022-31497)
Vulnerability from cvelistv5 – Published: 2022-06-08 11:32 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T11:32:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31497",
"datePublished": "2022-06-08T11:32:38.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31495 (GCVE-0-2022-31495)
Vulnerability from cvelistv5 – Published: 2022-06-07 14:09 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T14:09:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31495",
"datePublished": "2022-06-07T14:09:53.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31494 (GCVE-0-2022-31494)
Vulnerability from cvelistv5 – Published: 2022-06-06 22:28 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T22:28:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31494",
"datePublished": "2022-06-06T22:28:14.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31498 (GCVE-0-2022-31498)
Vulnerability from cvelistv5 – Published: 2022-06-06 20:10 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T20:10:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31498",
"datePublished": "2022-06-06T20:10:49.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31492 (GCVE-0-2022-31492)
Vulnerability from cvelistv5 – Published: 2022-06-06 19:56 – Updated: 2024-08-03 07:19
VLAI?
Summary
Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T19:56:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31492",
"datePublished": "2022-06-06T19:56:46.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31493 (GCVE-0-2022-31493)
Vulnerability from cvelistv5 – Published: 2022-06-06 18:18 – Updated: 2024-08-03 07:19
VLAI?
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T18:18:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31493",
"datePublished": "2022-06-06T18:18:59.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29938 (GCVE-0-2022-29938)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI?
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29938",
"datePublished": "2022-05-05T11:40:35.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29939 (GCVE-0-2022-29939)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI?
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29939",
"datePublished": "2022-05-05T11:40:32.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29940 (GCVE-0-2022-29940)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI?
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29940",
"datePublished": "2022-05-05T11:40:30.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23829 (GCVE-0-2020-23829)
Vulnerability from cvelistv5 – Published: 2020-09-01 16:42 – Updated: 2024-08-04 15:05
VLAI?
Summary
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/boku7/LibreHealth-authRCE | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48702 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T16:23:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/boku7/LibreHealth-authRCE",
"refsource": "MISC",
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"name": "https://www.exploit-db.com/exploits/48702",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23829",
"datePublished": "2020-09-01T16:42:44.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11438 (GCVE-0-2020-11438)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:34 – Updated: 2024-08-04 11:28
VLAI?
Summary
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:34:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11438",
"datePublished": "2020-07-15T19:34:10.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11436 (GCVE-0-2020-11436)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:31 – Updated: 2024-08-04 11:28
VLAI?
Summary
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:31:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11436",
"datePublished": "2020-07-15T19:31:45.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11437 (GCVE-0-2020-11437)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:28 – Updated: 2024-08-04 11:28
VLAI?
Summary
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:28:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11437",
"datePublished": "2020-07-15T19:28:07.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11439 (GCVE-0-2020-11439)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:23 – Updated: 2024-08-04 11:28
VLAI?
Summary
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:23:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11439",
"datePublished": "2020-07-15T19:23:50.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000839 (GCVE-0-2018-1000839)
Vulnerability from cvelistv5 – Published: 2018-12-20 15:00 – Updated: 2024-09-16 17:07
VLAI?
Summary
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/issues/1223 | x_refsource_MISC |
| https://0dd.zone/2018/09/03/lh-ehr-RCE-via-pictur… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1223"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1223"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.475758",
"DATE_REQUESTED": "2018-09-03T02:38:48",
"ID": "CVE-2018-1000839",
"REQUESTER": "cam@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1223",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1223"
},
{
"name": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000839",
"datePublished": "2018-12-20T15:00:00.000Z",
"dateReserved": "2018-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:07:49.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000650 (GCVE-0-2018-1000650)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-16 21:04
VLAI?
Summary
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://0dd.zone/2018/08/08/lh-ehr-Authenticated-… | x_refsource_MISC |
| https://github.com/LibreHealthIO/lh-ehr/issues/1215 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.132252",
"DATE_REQUESTED": "2018-08-08T14:44:41",
"ID": "CVE-2018-1000650",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/08/lh-ehr-Authenticated-SQL-Injection/"
},
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1215",
"refsource": "CONFIRM",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000650",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:04:06.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000648 (GCVE-0-2018-1000648)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/issues/1213 | x_refsource_MISC |
| https://0dd.zone/2018/08/07/lh-ehr-Authenticated-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.124209",
"DATE_REQUESTED": "2018-08-08T14:35:23",
"ID": "CVE-2018-1000648",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1213",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1213"
},
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000648",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:13:31.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000649 (GCVE-0-2018-1000649)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-16 16:59
VLAI?
Summary
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/issues/1214 | x_refsource_MISC |
| https://0dd.zone/2018/08/07/lh-ehr-Authenticated-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.125159",
"DATE_REQUESTED": "2018-08-08T14:41:59",
"ID": "CVE-2018-1000649",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1214",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1214"
},
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000649",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:59:00.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000647 (GCVE-0-2018-1000647)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/issues/1212 | x_refsource_MISC |
| https://0dd.zone/2018/08/07/lh-ehr-Authenticated-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.123270",
"DATE_REQUESTED": "2018-08-08T14:32:40",
"ID": "CVE-2018-1000647",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1212",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1212"
},
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000647",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:29:25.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000645 (GCVE-0-2018-1000645)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/issues/1210 | x_refsource_CONFIRM |
| https://0dd.zone/2018/08/05/lh-ehr-Authenticated-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO lh-ehr version \u003cREL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.121199",
"DATE_REQUESTED": "2018-08-08T13:31:17",
"ID": "CVE-2018-1000645",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO lh-ehr version \u003cREL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1210",
"refsource": "CONFIRM",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1210"
},
{
"name": "https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000645",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:06:22.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000646 (GCVE-0-2018-1000646)
Vulnerability from cvelistv5 – Published: 2018-08-20 19:00 – Updated: 2024-09-16 23:51
VLAI?
Summary
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://0dd.zone/2018/08/07/lh-ehr-Authenticated-… | x_refsource_MISC |
| https://github.com/LibreHealthIO/lh-ehr/issues/1211 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-20T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-19T17:09:33.122288",
"DATE_REQUESTED": "2018-08-08T13:38:36",
"ID": "CVE-2018-1000646",
"REQUESTER": "sajeeb@0dd.zone",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write/"
},
{
"name": "https://github.com/LibreHealthIO/lh-ehr/issues/1211",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/issues/1211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000646",
"datePublished": "2018-08-20T19:00:00.000Z",
"dateReserved": "2018-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}