{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T21:37:42.190","vulnerabilities":[{"cve":{"id":"CVE-2018-1000839","sourceIdentifier":"cve@mitre.org","published":"2018-12-20T15:29:01.813","lastModified":"2024-11-21T03:40:28.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LH-EHR version REL-2_0_0 contains an Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appears to be exploitable via uploading a PHP file with an image MIME type."},{"lang":"es","value":"LH-EHR, en su versión REL-2_0_0, contiene una vulnerabilidad de subida de archivos arbitrarios en la subida de la imagen de perfil que puede resultar en la ejecución remota de código. Este ataque parece ser explotable mediante la subida de un archivo PHP con un tipo de imagen MIME."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librehealth:librehealth_ehr:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9E9170AF-92DB-4B39-AC8F-73EB8CB496CC"}]}]}],"references":[{"url":"https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/LibreHealthIO/lh-ehr/issues/1223","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://0dd.zone/2018/09/03/lh-ehr-RCE-via-picture-upload/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/LibreHealthIO/lh-ehr/issues/1223","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}