Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-4453
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x prior to 4.2.0 patch 2 allows remote malicious users to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) int...
Open-emr Openemr 3.0.1
Open-emr Openemr 3.1.0
Open-emr Openemr 4.1.0
Open-emr Openemr 4.1.1
Open-emr Openemr 2.8.3
Open-emr Openemr 2.9.0
Open-emr Openemr 4.1.2
Open-emr Openemr 4.2.0
Open-emr Openemr 3.2.0
Open-emr Openemr 4.0.0
7.5
CVSSv2
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote malicious users to execute arbitrary SQL commands via the u parameter.
Open-emr Openemr 4.0.0
Open-emr Openemr 3.2.0
Open-emr Openemr 3.1.0
Open-emr Openemr
1 EDB exploit
6.8
CVSSv2
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the pat...
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
1 EDB exploit
4.3
CVSSv2
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote malicious users to inject arbitrary web script or HTML via the site parameter.
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
2 EDB exploits
7.5
CVSSv2
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr 5.0.2
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 6.0.0
3.5
CVSSv2
CVE-2021-25917
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when cr...
Open-emr Openemr
3.5
CVSSv2
CVE-2021-25919
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Open-emr Openemr
4.3
CVSSv2
CVE-2021-25922
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.
Open-emr Openemr
6.5
CVSSv2
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR up to and including 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
Open-emr Openemr
4
CVSSv2
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr before 6.1.0.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »