OpenEMR Patient File Download Interface Directory Traversal Vulnerability
A vulnerability in OpenEMR could allow an authenticated, remote attacker to conduct a directory traversal attack on a targeted system.
The vulnerability exists because the patient file download interface of the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by submitting a malicious request to the affected software. A successful exploit could allow the attacker to conduct a directory traversal attack, which the attacker could use to access sensitive information.
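The missing validation described above is a containment check on the file path built from the request. The following is an added example, not OpenEMR code and not taken from the advisory: it is written in Python rather than the application's own language, and the directory and file names (`documents`, `patient_1`, `secret.conf`, `documents_private`) are constructed for illustration.

```python
import os
import tempfile

class TraversalError(ValueError):
    """Requested path resolves outside the permitted document root."""

def safe_resolve(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` under `base_dir`, or raise."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the comparison below
    # is made on the file that would actually be opened.
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so a sibling directory such as
    # documents_private is not accepted the way a startswith() check would.
    if os.path.commonpath([base, target]) != base:
        raise TraversalError(f"{requested!r} escapes document root")
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    return target

def demo() -> dict:
    """Build a constructed directory tree and classify sample requests."""
    root = tempfile.mkdtemp()
    docs = os.path.join(root, "documents")
    os.makedirs(os.path.join(docs, "patient_1"))
    os.makedirs(os.path.join(root, "documents_private"))
    for rel in ("documents/patient_1/scan.pdf", "secret.conf",
                "documents_private/keys.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    os.symlink(os.path.join(root, "secret.conf"),
               os.path.join(docs, "patient_1", "link.pdf"))
    results = {}
    for req in ("patient_1/scan.pdf", "../secret.conf",
                "patient_1/../../secret.conf", "/etc/hostname",
                "../documents_private/keys.txt", "patient_1/link.pdf"):
        try:
            safe_resolve(docs, req)
            results[req] = "allowed"
        except TraversalError:
            results[req] = "blocked"
    return results

if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Only the request that stays inside the document root is allowed; the relative, absolute, sibling-directory and symlink cases are all rejected before any file is opened.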
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
OpenEMR has not confirmed the vulnerability; however, software updates are available.
Security Impact Rating: Medium