CVE-2020-24621

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:openmrs:htmlformentry:*:*:*:*:*:openmrs:*:*

Information

Published : 2020-09-24 21:23

Updated : 2020-10-05 11:41


NVD link : CVE-2020-24621

Mitre link : CVE-2020-24621


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

openmrs

  • htmlformentry