{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T11:18:25.472","vulnerabilities":[{"cve":{"id":"CVE-2018-1000647","sourceIdentifier":"cve@mitre.org","published":"2018-08-20T19:31:41.683","lastModified":"2024-11-21T03:40:19.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter."},{"lang":"es","value":"LibreHealthIO lh-ehr en versiones anteriores a REL-2.0.0 contiene una vulnerabilidad de borrado de archivos autenticados sin restricciones en la plantilla Import que puede resultar en una denegación de servicio (DoS). Parece ser que este ataque puede ser explotado mediante un parámetro controlado por el usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9E9170AF-92DB-4B39-AC8F-73EB8CB496CC"}]}]}],"references":[{"url":"https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/LibreHealthIO/lh-ehr/issues/1212","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://0dd.zone/2018/08/07/lh-ehr-Authenticated-File-Deletion/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/LibreHealthIO/lh-ehr/issues/1212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}