Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-10571
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR prior to 5.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_cla...
Open-emr Openemr
5.5
CVSSv2
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Open-emr Openemr
NA
CVE-2023-2674
Improper Access Control in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
6.5
CVSSv2
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR up to and including 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2018-9250
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the searchFields parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
6.5
CVSSv2
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
Open-emr Openemr
6.5
CVSSv2
CVE-2020-29143
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR prior to 5.0.2.5 allows a remote authenticated malicious user to execute arbitrary SQL commands via the form_code parameter.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »