This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:DIR:OPENEMR-AJAX-DOWNLOAD
|
Severity |
Minor
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
OpenEMR ajax_download.php Directory Traversal
|
Release Date |
2020/01/07
|
Update Number |
3241
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: OpenEMR ajax_download.php Directory Traversal
This signature detects attempts to exploit a known vulnerability against OpenEMR. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
Affected Products
- Open-emr openemr 2.0.1.2
- Open-emr openemr 2.7.2
- Open-emr openemr 2.7.3
- Open-emr openemr 2.8.0
- Open-emr openemr 2.8.1
- Open-emr openemr 2.8.2
- Open-emr openemr 2.8.3
- Open-emr openemr 2.9.0
- Open-emr openemr 3.0.0
- Open-emr openemr 3.0.1
- Open-emr openemr 3.1.0
- Open-emr openemr 3.2.0
- Open-emr openemr 4.0.0
- Open-emr openemr 4.1.0
- Open-emr openemr 4.1.1
- Open-emr openemr 4.1.2
- Open-emr openemr 4.1.2.3
- Open-emr openemr 4.1.2.6
- Open-emr openemr 4.1.2.7
- Open-emr openemr 4.2.0
- Open-emr openemr 4.2.0.3
- Open-emr openemr 4.2.1
- Open-emr openemr 4.2.2
- Open-emr openemr 5.0.0
- Open-emr openemr 5.0.0.5
- Open-emr openemr 5.0.0.6
- Open-emr openemr 5.0.1
- Open-emr openemr 5.0.1.1
- Open-emr openemr 5.0.1.2
- Open-emr openemr 5.0.1.3
- Open-emr openemr 5.0.1.4
- Open-emr openemr 5.0.1.5
- Open-emr openemr 5.0.1-6
- Open-emr openemr 5.0.1.6
- Open-emr openemr 5.0.1.7
References