Reminder to fix a critical security vulnerability in OpenEMR


(Brady Miller) #1

This is a reminder for everybody to ensure they have fixed a recent critical security vulnerability. See the following page for details:
http://www.open-emr.org/wiki/index.php/Critical_Security_Fix_for_CVE-2017-16540

This is a critical security vulnerability in OpenEMR before 5.0.0 Patch 5. More details can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540

In order to protect yourself from this vulnerability:

  • If using OpenEMR 5.0.0:
    • Update to the most recent patch and follow the instructions here: OpenEMR Patches
    • To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then you can download it at setup.php).
  • If using OpenEMR 4.2.2 or lower:
    • Remove the setup.php file from the openemr web directory.
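
One way to audit an installation against the steps above, as an added example that is not part of the original post or of OpenEMR's own tooling. It assumes that `version.php` in the web directory assigns `$v_major`, `$v_minor`, `$v_patch` and `$v_realpatch` as quoted strings; the function names `ver_field` and `audit_openemr` are hypothetical.

```sh
#!/bin/sh
# Added example: audit an OpenEMR web directory against the steps in the post.
# Assumption: version.php there assigns $v_major, $v_minor, $v_patch and
# $v_realpatch as quoted strings, e.g.  $v_realpatch = '5';

# Print the quoted value assigned to variable $2 in file $1 (empty if absent).
ver_field() {
    awk -v name="$2" -F"[\"']" \
        '$1 ~ ("^[ \t]*\\$" name "[ \t]*=") { print $2; exit }' "$1"
}

# Exit status: 0 nothing to do, 1 action needed, 3 version not readable.
audit_openemr() {
    dir=$1
    vf="$dir/version.php"
    [ -f "$vf" ] || { echo "UNKNOWN: no version.php in $dir"; return 3; }
    major=$(ver_field "$vf" v_major)
    minor=$(ver_field "$vf" v_minor)
    patch=$(ver_field "$vf" v_patch)
    real=$(ver_field "$vf" v_realpatch)
    for v in "$major" "$minor" "$patch"; do
        case $v in ''|*[!0-9]*) echo "UNKNOWN: cannot parse $vf"; return 3 ;; esac
    done
    case $real in ''|*[!0-9]*) real=0 ;; esac   # missing patch level counts as unpatched
    num=$((major * 10000 + minor * 100 + patch))
    status=0
    if [ "$num" -eq 50000 ] && [ "$real" -lt 5 ]; then
        echo "ACTION: 5.0.0 at patch level $real, below Patch 5: apply the most recent patch"
        status=1
    fi
    # The post asks for setup.php to be removed on 5.0.0 and on 4.2.2 or lower.
    if { [ "$num" -eq 50000 ] || [ "$num" -le 40202 ]; } && [ -e "$dir/setup.php" ]; then
        echo "ACTION: $dir/setup.php is present: remove it"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $major.$minor.$patch patch $real in $dir"
    return "$status"
}

# Demo on a constructed directory (not a real installation).
demo=$(mktemp -d)
printf '%s\n' '<?php' "\$v_major = '5';" "\$v_minor = '0';" \
    "\$v_patch = '0';" "\$v_realpatch = '3';" > "$demo/version.php"
: > "$demo/setup.php"
audit_openemr "$demo"
rm -rf "$demo"
```

Versions the post does not mention are reported as OK by this check, so it only answers whether the steps in this notice still apply.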