Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr 5.0.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated malicious user to upload and execute malicious PHP scripts through /controller.php.
Open-emr Openemr 5.0.1
1 Github repository
4.3
CVSSv2
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
Open-emr Openemr
4.3
CVSSv2
CVE-2019-8368
OpenEMR v5.0.1-6 allows XSS.
Open-emr Openemr 5.0.1-6
9
CVSSv2
CVE-2019-8371
OpenEMR v5.0.1-6 allows code execution.
Open-emr Openemr 5.0.1-6
9
CVSSv2
CVE-2019-3968
In OpenEMR 5.0.1 and previous versions, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3965
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3966
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3963
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-3964
In OpenEMR 5.0.1 and previous versions, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an malicious user to execute arbitrary code in the context of a user's session.
Open-emr Openemr
4
CVSSv2
CVE-2019-3967
In OpenEMR 5.0.1 and previous versions, the patient file download interface contains a directory traversal flaw that allows authenticated malicious users to download arbitrary files from the host system.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »