CVE-2018-1000645

MEDIUM

LibreHealthIO lh-ehr <REL-2.0.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/LibreHealthIO/lh-ehr/issues/1210
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/

Scores

CVSS v3 6.5
EPSS 0.0137
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
librehealth/librehealth_ehr < 2.0.0
Published Aug 20, 2018
Tracked Since Feb 18, 2026