Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-4453
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x prior to 4.2.0 patch 2 allows remote malicious users to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) int...
Open-emr Openemr 2.8.3
Open-emr Openemr 4.0.0
Open-emr Openemr 3.2.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.2.0
Open-emr Openemr 4.1.0
Open-emr Openemr 4.1.2
Open-emr Openemr 3.0.1
Open-emr Openemr 3.1.0
Open-emr Openemr 2.9.0
7.5
CVSSv2
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote malicious users to execute arbitrary SQL commands via the u parameter.
Open-emr Openemr
Open-emr Openemr 4.0.0
Open-emr Openemr 3.2.0
Open-emr Openemr 3.1.0
1 EDB exploit
6.8
CVSSv2
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the pat...
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
1 EDB exploit
4.3
CVSSv2
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote malicious users to inject arbitrary web script or HTML via the site parameter.
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
2 EDB exploits
7.5
CVSSv2
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr 5.0.2
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 6.0.0
7.5
CVSSv2
CVE-2019-14529
OpenEMR prior to 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Open-emr Openemr
1 Github repository
6
CVSSv2
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
3.5
CVSSv2
CVE-2021-32103
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
Open-emr Openemr
5
CVSSv2
CVE-2018-17180
An issue exists in OpenEMR prior to 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
Open-emr Openemr
7.5
CVSSv2
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »