OS command execution in OpenEMR

#VU10840 OS command execution in OpenEMR

Published: 2018-03-05 | Updated: 2020-05-27

Vulnerability identifier: #VU10840

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000019

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenEMR
Client/Desktop applications / Other client software

Vendor: OpenEMR

Description
The vulnerability allows a remote authenticated attacker to execute arbitrary shell commands on the target system.

The weakness exists in fax_dispatch.php due to insufficient validation of user-supplied input. A remote attacker can inject arbitrary commands in the context of the authenticated user.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OpenEMR: 5.0.0.1

External links
http://www.sec-consult.com/en/blog/advisories/os-command-injection-reflected-cross-site-scripting-i...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenEMR