Product

Openmrs-Web (>= 2.8.0, <= 2.8.5)

1 brief RSS

OpenMRS Module Upload Path Traversal Vulnerability

OpenMRS versions 2.7.8 and earlier, as well as versions 2.8.0 through 2.8.5, are vulnerable to a path traversal (Zip Slip) attack via the `POST /openmrs/ws/rest/v1/module` endpoint that allows authenticated attackers to achieve arbitrary file write and remote code execution.

openmrs-web +1 path-traversal zip-slip rce openmrs web-application

2r 1t 4h ago