Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-4453
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x prior to 4.2.0 patch 2 allows remote malicious users to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) int...
Open-emr Openemr 3.0.1
Open-emr Openemr 3.1.0
Open-emr Openemr 4.1.0
Open-emr Openemr 4.1.1
Open-emr Openemr 2.8.3
Open-emr Openemr 2.9.0
Open-emr Openemr 4.1.2
Open-emr Openemr 4.2.0
Open-emr Openemr 3.2.0
Open-emr Openemr 4.0.0
NA
CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote malicious users to execute arbitrary SQL commands via the u parameter.
Open-emr Openemr 4.0.0
Open-emr Openemr 3.2.0
Open-emr Openemr 3.1.0
Open-emr Openemr
1 EDB exploit
NA
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote malicious users to inject arbitrary web script or HTML via the site parameter.
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
2 EDB exploits
NA
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the pat...
Open-emr Openemr 4.0.0
Open-emr Openemr 4.1.1
Open-emr Openemr 4.1.0
1 EDB exploit
9.8
CVSSv3
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr 5.0.2
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 6.0.0
4.8
CVSSv3
CVE-2022-4733
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr before 7.0.0.2.
Open-emr Openemr
5.4
CVSSv3
CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
3.5
CVSSv3
CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr before 6.0.0.4.
Open-emr Openemr
8.8
CVSSv3
CVE-2017-9380
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
Open-emr Openemr
7.2
CVSSv3
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »