CVE-2019-3967
published 2019-08-20


Priority: P3 / 50 / medium
CVSS 3.0: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS: 30.25% (98.0th percentile)

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ffmpeg | ffmpeg | >= 0 < 7:2.8.17-0ubuntu0.1 | 7:2.8.17-0ubuntu0.1 |
| ffmpeg | ffmpeg | >= 0 < 7:3.4.8-0ubuntu0.2 | 7:3.4.8-0ubuntu0.2 |
| ffmpeg | ffmpeg | >= 0 < 7:4.2.4-1ubuntu0.1 | 7:4.2.4-1ubuntu0.1 |
| open-emr | openemr | <= 5.0.1 | |
| open-emr | openemr | | |

CVSS provenance

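| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |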