Description
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerability can be exploited to achieve Remote Code Execution (RCE) by uploading malicious PHP web shells.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/openemr/openemr/security/advisories/GHSA-5vp5-4rm6-h4c9
Scores
CVSS v3
9.9
EPSS
0.0014
EPSS Percentile
33.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
open-emr/openemr
< 7.0.4
Published
Mar 03, 2026
Tracked Since
Mar 04, 2026