Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2023-22974

Published: 22/02/2023 Updated: 03/03/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

open-emr openemr

Github Repositories

https://github.com/gbrsh/CVE-2023-22974

OpenEMR < 7.0.0 Arbitrary File Read

CVE-2023-22974 OpenEMR &lt; 700 Arbitrary File Read

References

CWE-552https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#7.0.0_Patch_.2811.2F30.2F22.29https://www.sonarsource.com/blog/openemr-remote-code-execution-in-your-healthcare-system/https://nvd.nist.govhttps://github.com/gbrsh/CVE-2023-22974
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook