Authenticated Unrestricted File Deletion

[prodigysml]

The Issue

Unrestricted file deletion vulnerabilities are caused by overly trusting a user's input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the unlink function in PHP within the lh-ehr application: https://github.com/LibreHealthIO/lh-ehr/blob/cacaa71dca75c3bf53cdce506fbb62e8b0593f76/patient_portal/import_template.php#L30

[prondubuisi]

Hello @aethelwulffe how can I navigate to the option to upload or delete a template in the Librehealth application

[aethelwulffe]

Uh...Administration/Files

The cheezy upper box should have a drop-down in it (blank, but there is a list) that allows access to that ancient template file system.

In the last 14 years, I have never seen anyone use it.

-Of course, I could be totally wrong about what you are asking.

On 2019-02-01 00:08, Onyemenam Ndubuisi wrote:

Hello @aethelwulffe https://github.com/aethelwulffe how can I navigate to the option to upload or delete a template in the Librehealth application

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/LibreHealthIO/lh-ehr/issues/1212#issuecomment-459607778, or mute the thread https://github.com/notifications/unsubscribe-auth/AAhzFx_2tyPLzLOGDd54pu5C9jqp0C35ks5vI8u3gaJpZM4Va2Xq.

[prondubuisi]

@aethelwulffe I have tried seeing the upload, delete, save template but the navigation I got don't seem to do that, can you please check again

[aethelwulffe]

I would need to figure out what, if anything, the feature still does. Might be relevant to printing labels for pill or sample bottles or something still. -We sort of lost Terry, who was the primary guru for a large number of features. I will try to get to figuring it all out (unless you can tell me what feature it is you are trying to affect with the template). I need to get the spanish translations posted first though.

[prondubuisi]

Am looking to solving this Issue, But I can't do that except I know how to trigger it, this particular feature has lots of issues related to it though.

[NicoleG25]

Hi, do you plan to address this vulnerability? :) Note that it appears CVE-2018-1000647 was assigned.

[MathurinNkenfack]

Hi please stilll looking where to simulate this issues but it seems this functionality is not used

[Falence]

Hello, I would love to work on this