Critical Security Fix for CVE-2017-16540

From OpenEMR Project Wiki
Revision as of 08:40, 6 November 2017 by Bradymiller (talk | contribs)
There is a critical security vulnerability in OpenEMR before 5.0.0 Patch 5 . More details can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
In order to protect yourself from this vulnerability:
  • If using OpenEMR 5.0.0:
  1. Update to the most recent patch via following instructions: OpenEMR Patches
  2. To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at setup.php).
  • If using OpenEMR 4.2.2 or lower:
  1. Remove the setup.php file from the openemr web directory.