Vulnerability in N/a
CVE-2018-15153
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" g…
EPSS: 0.616 (99.1th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- insecurity.sh/reports/openemr.pdf (x_refsource_MISC)
- www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-proje… (x_refsource_MISC)
- www.open-emr.org/wiki/index.php/OpenEMR_Patches (x_refsource_CONFIRM)
- github.com/openemr/openemr/pull/1757 (x_refsource_CONFIRM)
- 45161 (exploit, x_refsource_EXPLOIT-DB)