Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

OpenEMR 6.0.0 Insecure Direct Object Reference

Related Vulnerabilities: CVE-2021-40352  
Publish Date: 01 Sep 2021
Author: Allen Enosh Upputori
Source 
                							

                # Exploit Title: Openemr 6.0.0 - Insecure direct object references 
# Date: 31/8/2021 
# Exploit Author: Allen Enosh Upputori 
# Vendor Homepage: https://community.open-emr.org 
# Version: 6.0.0 
# Tested on: Linux 
# CVE: 2021-40352 

PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone 

https://github.com/allenenosh/CVE-2021-40352 

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started