Open-emr

Openemr

218 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2020-29139

Exploit
  • EPSS 1.78%
  • Veröffentlicht 15.02.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:23:42

A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.

7.2

CVE-2020-29142

Exploit
  • EPSS 1.78%
  • Veröffentlicht 15.02.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:23:42

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in globa...

6.1

CVE-2020-13565

Exploit
  • EPSS 1.88%
  • Veröffentlicht 10.02.2021 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:01:30

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect ...

9

CVE-2020-36243

Exploit
  • EPSS 64.14%
  • Veröffentlicht 07.02.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:29:08

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metach...

6.1

CVE-2020-13562

Exploit
  • EPSS 77.75%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGA...

6.1

CVE-2020-13563

Exploit
  • EPSS 75.86%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGAC...

6.1

CVE-2020-13564

Exploit
  • EPSS 75.86%
  • Veröffentlicht 01.02.2021 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:30

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGAC...

8.8

CVE-2020-13569

Exploit
  • EPSS 3.03%
  • Veröffentlicht 28.01.2021 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:31

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requ...

8.8

CVE-2020-19364

Exploit
  • EPSS 70.58%
  • Veröffentlicht 20.01.2021 01:15:13
  • Zuletzt bearbeitet 21.11.2024 05:09:09

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.

8.8

CVE-2018-16795

Exploit
  • EPSS 0.61%
  • Veröffentlicht 31.12.2020 03:15:12
  • Zuletzt bearbeitet 21.11.2024 03:53:22

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.