Arbitrary File Upload Vulnerability in LH-EHR REL-2_0_0: Remote Code Execution via Profile Picture Upload

CVE-2018-1000839 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.

Learn more about our Web Application Penetration Testing UK.