Authenticated Unrestricted File Deletion #1212
Comments
|
Hello @aethelwulffe, how can I navigate to the option to upload or delete a template in the Librehealth application? |
|
Uh...Administration/Files
The cheesy upper box should have a drop-down in it (blank, but there is
a list) that allows access to that ancient template file system.
In the last 14 years, I have never seen anyone use it.
…-Of course, I could be totally wrong about what you are asking.
On 2019-02-01 00:08, Onyemenam Ndubuisi wrote:
Hello @aethelwulffe <https://github.com/aethelwulffe> how can I
navigate to the option to upload or delete a template in the
Librehealth application
|
|
@aethelwulffe I have tried seeing the upload, delete, save template, but the navigation I got doesn't seem to do that. Can you please check again? |
|
I would need to figure out what, if anything, the feature still does. Might be relevant to printing labels for pill or sample bottles or something still. |
|
I am looking to solve this issue, but I can't do that unless I know how to trigger it. This particular feature has lots of issues related to it, though. |
|
Hi, do you plan to address this vulnerability? :) |
|
Hi, please, I am still looking for where to simulate this issue, but it seems this functionality is not used |
|
Hello, I would love to work on this |

The Issue
Unrestricted file deletion vulnerabilities are caused by overly trusting a user's input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.
An attacker must be authenticated to perform this attack.
Where the Issue Occurred
The following code snippet displays the usage of the unlink function in PHP within the lh-ehr application:
lh-ehr/patient_portal/import_template.php
Line 30 in cacaa71
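
A hardened deletion routine for the class of flaw this issue describes, shown beside the weak pattern. This is an added example, not part of the original issue and not code from lh-ehr; the function names, directory layout and file names are hypothetical.

```php
<?php
// Added example; all names are hypothetical, not taken from lh-ehr.

// Weak pattern: a request value is joined to a directory and passed to unlink().
function delete_template_unsafe(string $baseDir, string $name): bool
{
    return unlink($baseDir . '/' . $name);
}

// Hardened form: validate the name, resolve the path, confirm containment.
function delete_template_safe(string $baseDir, string $name): bool
{
    // Allow-list: no separators, no NUL bytes, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}\z/', $name)) {
        return false;
    }
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return false; // directory or file does not exist
    }
    // realpath() has resolved ".." and symlinks, so a prefix check is meaningful.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo in a throwaway directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/letter.tpl', 'sample');
file_put_contents($root . '/config.php', 'sample');

// A name that points outside the template directory: request refused, file kept.
var_dump(delete_template_safe($root . '/templates', '../config.php'));
var_dump(file_exists($root . '/config.php'));
// A plain file name inside the template directory: file deleted.
var_dump(delete_template_safe($root . '/templates', 'letter.tpl'));

// Clean up the demo tree.
unlink($root . '/config.php');
rmdir($root . '/templates');
rmdir($root);
```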