CVE-2013-4619
- EPSS 0.02%
- Veröffentlicht 09.08.2013 21:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/...
CVE-2013-4620
- EPSS 1.41%
- Veröffentlicht 09.08.2013 21:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
CVE-2012-2115
- EPSS 0.15%
- Veröffentlicht 09.09.2012 21:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2011-5161
- EPSS 2.78%
- Veröffentlicht 09.09.2012 21:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a d...
CVE-2011-5160
- EPSS 0.25%
- Veröffentlicht 09.09.2012 21:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.