lh-ehr icon indicating copy to clipboard operation
lh-ehr copied to clipboard
verified publisher icon LibreHealthIO

Authenticated Unrestricted File Deletion

Open prodigysml opened this issue 7 years ago • 8 comments

The Issue

Unrestricted file deletion vulnerabilities are caused by overly trusting a user's input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the unlink function in PHP within the lh-ehr application: https://github.com/LibreHealthIO/lh-ehr/blob/cacaa71dca75c3bf53cdce506fbb62e8b0593f76/patient_portal/import_template.php#L30

prodigysml avatar Jul 23 '18 11:07 prodigysml

Hello @aethelwulffe how can I navigate to the option to upload or delete a template in the Librehealth application

prondubuisi avatar Feb 01 '19 05:02 prondubuisi

Uh...Administration/Files

The cheezy upper box should have a drop-down in it (blank, but there is a list) that allows access to that ancient template file system.

In the last 14 years, I have never seen anyone use it.

-Of course, I could be totally wrong about what you are asking.

On 2019-02-01 00:08, Onyemenam Ndubuisi wrote:

Hello @aethelwulffe https://github.com/aethelwulffe how can I navigate to the option to upload or delete a template in the Librehealth application

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/LibreHealthIO/lh-ehr/issues/1212#issuecomment-459607778, or mute the thread https://github.com/notifications/unsubscribe-auth/AAhzFx_2tyPLzLOGDd54pu5C9jqp0C35ks5vI8u3gaJpZM4Va2Xq.

aethelwulffe avatar Feb 01 '19 05:02 aethelwulffe

@aethelwulffe I have tried seeing the upload, delete, save template but the navigation I got don't seem to do that, can you please check again import template

prondubuisi avatar Feb 04 '19 14:02 prondubuisi

I would need to figure out what, if anything, the feature still does. Might be relevant to printing labels for pill or sample bottles or something still. -We sort of lost Terry, who was the primary guru for a large number of features. I will try to get to figuring it all out (unless you can tell me what feature it is you are trying to affect with the template). I need to get the spanish translations posted first though.

aethelwulffe avatar Feb 04 '19 17:02 aethelwulffe

Am looking to solving this Issue, But I can't do that except I know how to trigger it, this particular feature has lots of issues related to it though.

prondubuisi avatar Feb 04 '19 17:02 prondubuisi

Hi, do you plan to address this vulnerability? :) Note that it appears CVE-2018-1000647 was assigned.

NicoleG25 avatar Jan 08 '20 13:01 NicoleG25

Hi please stilll looking where to simulate this issues but it seems this functionality is not used

MathurinNkenfack avatar Mar 25 '20 17:03 MathurinNkenfack

Hello, I would love to work on this

Falence avatar Mar 30 '20 09:03 Falence