What is CVE-2019-14530?

CVE-2019-14530 is a vulnerability in N/a. Published 2019-08-13.

Is CVE-2019-14530 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-14530

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for th…

EPSS: 0.526 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/openemr/openemr/pull/2592 (x_refsource_MISC)
github.com/Wezery/CVE-2019-14530 (x_refsource_MISC)
packetstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.html (x_refsource_MISC)
packetstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.html (x_refsource_MISC)
github.com/Hacker5preme/Exploits/tree/main/CVE-2019-14530-Exploit (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-14530?: CVE-2019-14530 is a vulnerability in N/a. Published 2019-08-13.
Is CVE-2019-14530 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.