Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-36243
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
Open-emr Openemr 5.0.2.1
4.3
CVSSv2
CVE-2020-13562
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 5.0.2
4.3
CVSSv2
CVE-2020-13563
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 5.0.2
4.3
CVSSv2
CVE-2020-13564
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 5.0.2
6.8
CVSSv2
CVE-2020-13569
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the vic...
Open-emr Openemr 5.0.2
6.5
CVSSv2
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated malicious user to upload and execute malicious PHP scripts through /controller.php.
Open-emr Openemr 5.0.1
1 Github repository
6.8
CVSSv2
CVE-2018-16795
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
Open-emr Openemr 5.0.1.3
6.5
CVSSv2
CVE-2019-16404
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR up to and including 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-16862
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 allows a remote malicious user to execute arbitrary code in the context of a user's session via the pid parameter.
Open-emr Openemr
4.3
CVSSv2
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x prior to 5.0.2.1 ia the id parameter.
Open-emr Openemr
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »