Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openemr openemr vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
Open-emr Openemr 5.0.2
Phpgacl Project Phpgacl 3.3.7
Open-emr Openemr 6.0.0
9.8
CVSSv3
CVE-2019-17197
OpenEMR up to and including 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
Open-emr Openemr
9.8
CVSSv3
CVE-2019-14529
OpenEMR prior to 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
Open-emr Openemr
1 Github repository
9.8
CVSSv3
CVE-2018-17179
An issue exists in OpenEMR prior to 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
Open-emr Openemr
1 Github repository
9.8
CVSSv3
CVE-2018-17181
An issue exists in OpenEMR prior to 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
Open-emr Openemr
9.8
CVSSv3
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
Open-emr Openemr
9.8
CVSSv3
CVE-2018-15145
Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR prior to 5.0.1.4 allow a remote malicious user to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.
Open-emr Openemr
9.1
CVSSv3
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR prior to 5.0.1.4 allows a remote malicious user to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php...
Open-emr Openemr
8.8
CVSSv3
CVE-2023-2943
Code Injection in GitHub repository openemr/openemr before 7.0.1.
Open-emr Openemr
8.8
CVSSv3
CVE-2023-22973
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
Open-emr Openemr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »