Vulnerability in Open-emr Openemr
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing…
EPSS: 0.028 (86.5th percentile) — read the EPSS interpretation.
Affected products
- Open-emr Openemr — versions 4.0.0, 4.1.0, 4.1.1
- N/a — versions n/a
References
- openemr-shell-file-upload(71981) (vdb-entry, x_refsource_XF)
- 18274 (Exploit, exploit, x_refsource_EXPLOIT-DB)