CVE-2018-1000645
MEDIUMLibreHealthIO lh-ehr <REL-2.0.0 - Info Disclosure
Title source: llmDescription
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/LibreHealthIO/lh-ehr/issues/1210
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/08/05/lh-ehr-Authenticated-Local-File-Disclosure/
Scores
CVSS v3
6.5
EPSS
0.0137
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
librehealth/librehealth_ehr
< 2.0.0
Published
Aug 20, 2018
Tracked Since
Feb 18, 2026