Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2012-0991

Published: 07/02/2012 Updated: 29/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 365
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Subscribe to Openemr

Vulnerability Summary

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

Vulnerable Product Search on Vulmon Subscribe to Product

openemr openemr 4.1.0

Exploits

Exploit DB: OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion
source: wwwsecurityfocuscom/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sensi ...
Exploit DB: OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
source: wwwsecurityfocuscom/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially s ...
Exploit DB: OpenEMR 4.1 - '/Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion
source: wwwsecurityfocuscom/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sen ...

References

CWE-22http://osvdb.org/78729http://www.securityfocus.com/bid/51788http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.htmlhttp://osvdb.org/78730http://www.open-emr.org/wiki/index.php/OpenEMR_Patcheshttps://www.htbridge.ch/advisory/HTB23069http://osvdb.org/78728http://secunia.com/advisories/47781http://osvdb.org/78727https://exchange.xforce.ibmcloud.com/vulnerabilities/72914https://nvd.nist.govhttps://www.exploit-db.com/exploits/36648/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook