Vulnerability Details : CVE-2018-1000648
Potential exploit
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.
Vulnerability category: Execute code
Products affected by CVE-2018-1000648
- cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000648
2.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000648
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-1000648
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000648
-
https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Write-Letter-PHP/
LH-EHR Authenticated Unrestricted File Write in letter.php | 0dd - The Zero (0) Day DivisionExploit;Third Party Advisory
-
https://github.com/LibreHealthIO/lh-ehr/issues/1213
Authenticated Unrestricted File Write in letter.php · Issue #1213 · LibreHealthIO/lh-ehr · GitHubExploit;Third Party Advisory
Jump to