Open-emr

Openemr

175 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2020-36243

Exploit
  • EPSS 88.53%
  • Veröffentlicht 07.02.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:29:08

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metach...

6.1

CVE-2020-13562

Exploit
  • EPSS 70.98%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGA...

6.1

CVE-2020-13563

Exploit
  • EPSS 39.51%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGAC...

6.1

CVE-2020-13564

Exploit
  • EPSS 39.51%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGAC...

8.8

CVE-2020-13569

Exploit
  • EPSS 3.2%
  • Veröffentlicht 28.01.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:31

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requ...

8.8

CVE-2020-19364

Exploit
  • EPSS 0.54%
  • Veröffentlicht 20.01.2021 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:09

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.

8.8

CVE-2018-16795

Exploit
  • EPSS 0.02%
  • Veröffentlicht 31.12.2020 03:15:12
  • Zuletzt bearbeitet 21.11.2024 03:53:22

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.

8.8

CVE-2019-16404

Exploit
  • EPSS 0.01%
  • Veröffentlicht 21.10.2019 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:30:38

Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID paramet...

6.1

CVE-2019-16862

  • EPSS 4.74%
  • Veröffentlicht 21.10.2019 01:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:13

Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.

6.1

CVE-2019-17409

  • EPSS 1.44%
  • Veröffentlicht 21.10.2019 01:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:17

Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.