Arbitrary File Download Vulnerability in OpenEMR 5.0.1 and Earlier

Arbitrary File Download Vulnerability in OpenEMR 5.0.1 and Earlier

CVE-2019-3967 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.

Learn more about our Web Application Penetration Testing UK.