Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-15149
SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'encounter' parameter.
Open-emr Openemr
578
VMScore
CVE-2018-15151
SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'search_term' parameter.
Open-emr Openemr
405
VMScore
CVE-2018-15140
Directory traversal in portal/import_template.php in versions of OpenEMR prior to 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
Open-emr Openemr
1 EDB exploit
668
VMScore
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
578
VMScore
CVE-2018-15144
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the search_term parameter.
Open-emr Openemr
668
VMScore
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
578
VMScore
CVE-2018-15146
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'search_term' parameter.
Open-emr Openemr
578
VMScore
CVE-2018-15147
SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR prior to 5.0.1.4 allows a remote authenticated malicious user to execute arbitrary SQL commands via the 'id' parameter.
Open-emr Openemr
312
VMScore
CVE-2022-1458
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
490
VMScore
CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr before 6.1.0.1.
Open-emr Openemr
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »