Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-emr openemr 5.0.1 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated malicious user to upload and execute malicious PHP scripts through /controller.php.
Open-emr Openemr 5.0.1
1 Github repository
6.1
CVSSv3
CVE-2017-6394
Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL (section_value; src_form). An attack...
Open-emr Openemr 5.0.1
6.1
CVSSv3
CVE-2019-8368
OpenEMR v5.0.1-6 allows XSS.
Open-emr Openemr 5.0.1-6
7.2
CVSSv3
CVE-2019-8371
OpenEMR v5.0.1-6 allows code execution.
Open-emr Openemr 5.0.1-6
5.3
CVSSv3
CVE-2018-17180
An issue exists in OpenEMR prior to 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
Open-emr Openemr
8.8
CVSSv3
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
Open-emr Openemr
6.5
CVSSv3
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR prior to 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
Open-emr Openemr
6.1
CVSSv3
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
Open-emr Openemr
8.8
CVSSv3
CVE-2019-3968
In OpenEMR 5.0.1 and previous versions, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
Open-emr Openemr
6.5
CVSSv3
CVE-2019-3967
In OpenEMR 5.0.1 and previous versions, the patient file download interface contains a directory traversal flaw that allows authenticated malicious users to download arbitrary files from the host system.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »