CVE-2019-14530 Scanner

OpenEMR is a widely-used electronic medical record (EMR) and practice management software. It is designed to be a comprehensive solution for medical practices, allowing healthcare providers to manage patient records, appointments, billing, prescription and lab orders, and much more. OpenEMR is an open-source software, which means it is continuously updated by a global community of developers and made freely available to users. It is used by healthcare providers in over 200 countries and is particularly popular among small and mid-sized practices.

CVE-2019-14530 is a vulnerability that was identified in OpenEMR before version 5.0.2. This vulnerability exists in the custom/ajax_download.php file in OpenEMR, specifically in the fileName parameter. An attacker who successfully exploits this vulnerability can download any file that is readable by the user www-data - the user account under which the OpenEMR server runs. This includes sensitive patient data, financial information, and other confidential files. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from the server.

Exploitation of this vulnerability can have serious consequences for healthcare providers and their patients. Cybercriminals can gain unauthorized access to confidential patient data, billing information, and other sensitive information. They can also modify or delete medical records, which can result in serious consequences for patient care and treatment. Furthermore, successful exploitation of this vulnerability can result in financial loss for practices and/or legal consequences.

Thanks to the pro features of the securityforeveryone.com platform, healthcare providers can easily and quickly learn about vulnerabilities in their digital assets and take action to protect their practices and patients. The platform provides comprehensive and up-to-date information on vulnerabilities, along with expert guidance and support for managing and mitigating security risks. With securityforeveryone.com, healthcare providers can rest assured that they have the tools and resources they need to keep their practices and patients safe from cyber threats.

REFERENCES

• https://github.com/openemr/openemr/pull/2592 
• https://github.com/Wezery/CVE-2019-14530 
• http://packetstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.html 
• http://packetstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.html 
• https://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-14530-Exploit