Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:DIR:OPENEMR-DNLD-TEMPLATE
Severity	Minor
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	OpenEMR download_template.php Information Disclosure
Release Date	2019/11/19
Update Number	3226
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: OpenEMR download_template.php Information Disclosure

This signature detects attempts to exploit a known vulnerability against OpenEMR. A successful attack can lead to sensitive information disclosure.

Extended Description

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.

Affected Products

Open-emr openemr 5.0.1

References

CVE: CVE-2019-3967

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: OpenEMR download_template.php Information Disclosure

Extended Description

Affected Products

References