Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CTS:OPENEMR-NEWPHP-CMD-INJ
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	OpenEMR New.php Command Injection
Release Date	2020/01/16
Update Number	3244
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: OpenEMR New.php Command Injection

This signature detects attempts to exploit a known vulnerability against OpenEMR. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.

Affected Products

Open-emr openemr 5.0.1

References

CVE: CVE-2019-3968
URL: https://www.tenable.com/security/research/tra-2019-40

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: OpenEMR New.php Command Injection

Extended Description

Affected Products

References