Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
668
VMScore
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
668
VMScore
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
655
VMScore
CVE-2018-15142
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters...
Open-emr Openemr
1 EDB exploit
1 Github repository
655
VMScore
CVE-2014-5462
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_...
Open-emr Openemr
1 EDB exploit
605
VMScore
CVE-2021-41843
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an malicious user to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&...
Open-emr Openemr 6.0.0
605
VMScore
CVE-2021-25923
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim user’s password, he can leverage it to an account takeover.
Open-emr Openemr
605
VMScore
CVE-2020-13569
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the vic...
Open-emr Openemr 5.0.2
605
VMScore
CVE-2018-16795
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
Open-emr Openemr 5.0.1.3
578
VMScore
CVE-2021-32104
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
Open-emr Openemr 5.0.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »