CVE-2018-15141

MEDIUM

OpenEMR < 5.0.1.4 - Authenticated Path Traversal via Patient Portal Import Template

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15141. PoCs published by Joshua Fam.

AI-analyzed exploit summary This exploit demonstrates arbitrary file read, write, and delete vulnerabilities in OpenEMR 5.0.1.3 via malformed POST requests to import_template.php. The PoC includes HTTP requests to read /etc/passwd, write a PHP file, and delete it.

Description

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Joshua Fam · textwebappslinux
https://www.exploit-db.com/exploits/45202

This exploit demonstrates arbitrary file read, write, and delete vulnerabilities in OpenEMR 5.0.1.3 via malformed POST requests to import_template.php. The PoC includes HTTP requests to read /etc/passwd, write a PHP file, and delete it.

Classification
Working Poc 100%
Attack Type
Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target: OpenEMR < 5.0.1.3
Auth required
Prerequisites: Access to OpenEMR portal · Valid session cookies
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45202/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/openemr/openemr/pull/1765/files

Scores

CVSS v3 6.5
EPSS 0.1447
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
open-emr/openemr < 5.0.1.4
Published Aug 13, 2018
Tracked Since Feb 18, 2026