interface/globals.php in OpenEMR 2.x, 3.x, and 4.x prior to 4.2.0 patch 2 allows remote malicious users to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-emr openemr 3.0.1 |
||
open-emr openemr 3.1.0 |
||
open-emr openemr 4.1.0 |
||
open-emr openemr 4.1.1 |
||
open-emr openemr 2.8.3 |
||
open-emr openemr 2.9.0 |
||
open-emr openemr 4.1.2 |
||
open-emr openemr 4.2.0 |
||
open-emr openemr 3.2.0 |
||
open-emr openemr 4.0.0 |