OpenEMR 5.0.1.3 — (Authenticated) Arbitrary File Actions

Back in 2018, a group of security researchers and I decided to try our hands at OpenEMR and find security vulnerabilities.The full report can be found here.This a very good read and I recommend reading it in its entirety. However this blog post is just documenting my contribution to the project.The following are the three CVEs I received in the collaboration. These were all responsibly…