Vulnerability Description
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librehealth | Librehealth Ehr | < 2.0.0 |
Related Weaknesses (CWE)
References
- https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/ExploitThird Party Advisory
- https://github.com/LibreHealthIO/lh-ehr/issues/1210ExploitThird Party Advisory
- https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/ExploitThird Party Advisory
- https://github.com/LibreHealthIO/lh-ehr/issues/1210ExploitThird Party Advisory
FAQ
What is CVE-2018-1000645?
CVE-2018-1000645 is a vulnerability with a CVSS score of 6.5 (MEDIUM). LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive ...
How severe is CVE-2018-1000645?
CVE-2018-1000645 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000645?
Check the references section above for vendor advisories and patch information. Affected products include: Librehealth Librehealth Ehr.