CVE-2018-1000647

HIGH

LibreHealthIO lh-ehr <REL-2.0.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/LibreHealthIO/lh-ehr/issues/1212
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/

Scores

CVSS v3 7.1
EPSS 0.0147
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-20 CWE-22
Status published
Products (1)
librehealth/librehealth_ehr 2.0.0
Published Aug 20, 2018
Tracked Since Feb 18, 2026