Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
Open-emr Openemr
1 EDB exploit
6.5
CVSSv2
CVE-2018-15144
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the search_term parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-15146
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'search_term' parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-15148
SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'text' parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-15151
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'search_term' parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-15155
OS command injection occurring in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in inte...
Open-emr Openemr
3.5
CVSSv2
CVE-2017-1000240
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated malicious users to inject arbitrary web script or HTML.
Open-emr Openemr
6.5
CVSSv2
CVE-2017-1000241
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.
Open-emr Openemr
NA
CVE-2022-2729
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
NA
CVE-2022-2733
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr before 7.0.0.1.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »