Critical Security Fix for CVE-2017-16540

From OpenEMR Project Wiki
Revision as of 19:54, 5 November 2017 by Bradymiller (talk | contribs)
There is a critical security vulnerability in OpenEMR before 5.0.0 Patch 5 . More details can be found here: https://nvd.nist.gov/vuln/detail/CVE-2017-16540
In order to protect yourself from this vulnerability:
  • If using OpenEMR 5.0.0:
  1. Update to the most recent patch and follow the instructions here: OpenEMR Patches
  2. To be extra safe, then remove the setup.php file from the openemr web directory (if you need this file in the future, then can download it at setup.php).
  • If using OpenEMR 4.2.2 or lower:
  1. Remove the setup.php file from the openemr web directory.