CVE-2007-0649

Published: 01/02/2007 Updated: 16/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 6.4 | Exploitability Score: 3.2
VMScore: 440
Vector: AV:N/AC:H/Au:M/C:P/I:P/A:P

Vulnerability Summary

Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and previous versions allows remote malicious users to overwrite arbitrary program variables and conduct other unauthorized activities, such as (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.
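
The overwrite mechanism described in the summary, as an added example that is not OpenEMR's code: a constructed PHP sketch in which extract() on request arrays replaces trusted variables, next to a form that reads only allow-listed keys. The function names, paths and the pid/lang fields are assumptions for illustration.

```php
<?php
// Constructed illustration of the pattern in the summary; not OpenEMR's globals.php.

// Vulnerable pattern: request arrays are extracted after the application has set
// its own variables, so a request key with the same name replaces the trusted value.
function load_globals_vulnerable(array $get, array $post): array
{
    $srcdir  = '/var/www/app/library';   // trusted include path (constructed)
    $rootdir = '/app/interface';         // trusted web root (constructed)
    extract($get);                       // default flag is EXTR_OVERWRITE
    extract($post);
    return ['srcdir' => $srcdir, 'rootdir' => $rootdir];
}

// Hardened pattern: no extract(). Only allow-listed keys are read, each one is
// validated, and request data lives in its own array, never in program variables.
function load_globals_hardened(array $get, array $post): array
{
    $srcdir  = '/var/www/app/library';
    $rootdir = '/app/interface';
    $rules = [                           // hypothetical request fields
        'pid'  => '/^\d{1,10}\z/',
        'lang' => '/^[a-z]{2}\z/',
    ];
    $request = [];
    foreach ($rules as $key => $pattern) {
        $value = $post[$key] ?? $get[$key] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $request[$key] = $value;
        }
    }
    return ['srcdir' => $srcdir, 'rootdir' => $rootdir, 'request' => $request];
}

// Constructed request: one legitimate field plus two keys that collide with globals.
$get  = ['pid' => '42', 'srcdir' => 'overridden-by-request'];
$post = ['rootdir' => 'overridden-by-request'];

// Vulnerable form: srcdir and rootdir now hold the request-supplied strings.
var_dump(load_globals_vulnerable($get, $post));
// Hardened form: srcdir and rootdir keep their trusted values; only pid is accepted.
var_dump(load_globals_hardened($get, $post));
```

Any value that is later written into HTML still needs output encoding (for example htmlspecialchars()) at the point of use; keeping request data out of program variables only removes the overwrite path.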

Vulnerable Product

openemr openemr

Exploits

source: www.securityfocus.com/bid/22348/info OpenEMR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the atta ...
source: www.securityfocus.com/bid/22346/info OpenEMR is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. This issue affects version 2.8.2; other ve ...