[security vulnerability] Arbitrary file deletion vulnerability 

Recently, our team found a Arbitrary file deletion vulnerability 
The vulnerability logic is present in the file:
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L49
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L50
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L315

![image](https://github.com/LibreHealthIO/lh-ehr/assets/131662463/d10540f0-bf74-4c37-a2de-096a06e4b5dd)
![image](https://github.com/LibreHealthIO/lh-ehr/assets/131662463/c88e8881-2884-48dc-a0f6-02df3e3b64b0)


The variable `$filename` can be controlled by `$_GET['scan']`. By concatenating $filename with `$filepath` and passing it directly into the `unlink` function, it can lead to arbitrary file deletion vulnerability.

To fix this vulnerability, we recommend that developers implement properly sanitize  for user input before displaying it on the webpage.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[security vulnerability] Arbitrary file deletion vulnerability #1695

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[security vulnerability] Arbitrary file deletion vulnerability #1695

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions