bradymiller wrote on Thursday, February 14, 2013:
Hi,
The following security vulnerability was posted yesterday:
http://packetstormsecurity.com/files/120274/OpenEMR-4.1.1-Shell-Upload.html
Likely just Windows servers will be affected, however recommend the following on all OpenEMR installations:
1. If using OpenEMR 4.1.1, then update to the most recent patch here (or follow option 2 below):
http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
2. If using OpenEMR 4.1.0 or below, then recommend removing the following file and directory from your openemr installation:
FILE: openemr/library/openflashchart/php-ofc-library/ofc_upload_image.php
DIRECTORY: openemr/library/openflashchart/tmp-upload-images/
(the directory should not exist, but if it does, then remove it)
-brady
OpenEMR