CVE-2026-24849
10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument() method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can exploit this vulnerability to read sensitive files. Version 7.0.4 patches the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openemr | openemr | < 7.0.4 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://github.com/openemr/openemr/security/advisories/GHSA-w6vc-hx2x-48pc
- https://github.com/openemr/openemr/commit/22f8e53e5769a88b7a16cb223bd197d044c84e5a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.