Arbitrary File Upload Vulnerability in LH-EHR REL-2_0_0: Remote Code Execution via Profile Picture Upload
CVE-2018-1000839 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.
Learn more about our Web Application Penetration Testing UK.