Command Injection Vulnerability in OpenEMR 5.0.2.1 Patient Portal

Command Injection Vulnerability in OpenEMR 5.0.2.1 Patient Portal

CVE-2020-36243 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.

Learn more about our Web Application Penetration Testing UK.