OpenMRS htmlformentry Module Path Traversal Remote Code Execution Vulnerability

OpenMRS htmlformentry Module Path Traversal Remote Code Execution Vulnerability

CVE-2020-24621 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.

Learn more about our Web Application Penetration Testing UK.