QwikSec

Security Database

CVE

CWE

Training

CVE-2018-15154

Published: Aug 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://insecurity.sh/reports/openemr.pdf

x_refsource_MISC

https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/

x_refsource_MISC

https://www.open-emr.org/wiki/index.php/OpenEMR_Patches

x_refsource_CONFIRM

https://github.com/openemr/openemr/pull/1757

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.