CVE-2011-5161

OpenEMR 4 - Unauthenticated Arbitrary PHP File Upload via Patient Photograph Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5161. PoCs published by Level.

AI-analyzed exploit summary: The exploit demonstrates an arbitrary file upload vulnerability in OpenEMR 4, allowing an attacker to upload a malicious shell via the Patient Photograph feature. It also includes examples of XSS and SQL injection vulnerabilities in the same software.

Description

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.

Exploits (1)

exploitdb WORKING POC
by Level · text · webapps · php
https://www.exploit-db.com/exploits/18274

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: OpenEMR 4
Auth required
Prerequisites: Valid user credentials · Access to the Patient Photograph upload feature
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71981
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18274

Scores

EPSS 0.0197
EPSS Percentile 77.8%

Details

Status published
Products (3)
open-emr/openemr 4.0.0
open-emr/openemr 4.1.0
open-emr/openemr 4.1.1
Published Sep 09, 2012
Tracked Since Feb 18, 2026