New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authenticated Unrestricted File Write in import_template.php #1211
Comments
|
Hi, do you plan to address this vulnerability? :) |
How does this assignment work? |
Hi, I'm not quite sure I understand your question but nevertheless here is an explanation about CVE'S. |
|
From my end i found out that the file that writes
A check has already been made for files a user can write |
The Issue
Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution.
An attacker must be authenticated to perform this attack.
Where the Issue Occurred
The following code snippet displays the usage of the
file_put_contentsfunction in PHP within the lh-ehr application:lh-ehr/patient_portal/import_template.php
Line 27 in cacaa71
The text was updated successfully, but these errors were encountered: