What is CVE-2018-15139?

CVE-2018-15139 is a vulnerability in N/a. Published 2018-08-13.

Is CVE-2018-15139 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-15139

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload for…

EPSS: 0.780 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-proje… (x_refsource_MISC)
github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3… (x_refsource_CONFIRM)
packetstormsecurity.com/files/163110/OpenEMR-5.0.1.3-Shell-Upload.html (x_refsource_MISC)
packetstormsecurity.com/files/163482/OpenEMR-5.0.1.3-Shell-Upload.html (x_refsource_MISC)
github.com/Hacker5preme/Exploits/tree/main/CVE-2018-15139-Exploit (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-15139?: CVE-2018-15139 is a vulnerability in N/a. Published 2018-08-13.
Is CVE-2018-15139 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.