Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr 5.0.1.3 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-16795
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
Open-emr Openemr 5.0.1.3
4.3
CVSSv2
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
Open-emr Openemr
6
CVSSv2
CVE-2019-14530
An issue exists in custom/ajax_download.php in OpenEMR prior to 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/open...
Open-emr Openemr
3 Github repositories
6.4
CVSSv2
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
6.5
CVSSv2
CVE-2018-15139
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images ...
Open-emr Openemr
1 Github repository
4
CVSSv2
CVE-2018-15140
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Open-emr Openemr
1 EDB exploit
5.5
CVSSv2
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Open-emr Openemr
1 EDB exploit
6.5
CVSSv2
CVE-2018-15142
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters...
Open-emr Openemr
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started