Open-emr

Openemr

175 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-14530

Exploit
  • EPSS 76.96%
  • Veröffentlicht 13.08.2019 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:26:54

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data ...

9.8

CVE-2019-14529

  • EPSS 0.52%
  • Veröffentlicht 02.08.2019 14:15:14
  • Zuletzt bearbeitet 21.11.2024 04:26:54

OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.

9.8

CVE-2018-17179

  • EPSS 11.67%
  • Veröffentlicht 17.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:01

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.

5.3

CVE-2018-17180

  • EPSS 0.13%
  • Veröffentlicht 17.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:01

An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.

9.8

CVE-2018-17181

  • EPSS 0.01%
  • Veröffentlicht 17.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:02

An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.

6.1

CVE-2018-18035

  • EPSS 1.5%
  • Veröffentlicht 02.04.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:24

A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

5.4

CVE-2018-1000218

Exploit
  • EPSS 0.02%
  • Veröffentlicht 20.08.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:57

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web scr...

5.4

CVE-2018-1000219

Exploit
  • EPSS 0.06%
  • Veröffentlicht 20.08.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:57

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web scr...

8.8

CVE-2018-15154

  • EPSS 4.83%
  • Veröffentlicht 15.08.2018 17:29:02
  • Zuletzt bearbeitet 21.11.2024 03:50:25

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global va...

8.8

CVE-2018-15155

  • EPSS 4.12%
  • Veröffentlicht 15.08.2018 17:29:02
  • Zuletzt bearbeitet 21.11.2024 03:50:25

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global vari...