Openemr

Openemr

92 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-31117

Exploit
  • EPSS 0.41%
  • Veröffentlicht 31.03.2025 17:15:42
  • Zuletzt bearbeitet 30.04.2025 16:08:43

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make u...

5.4

CVE-2025-30161

Exploit
  • EPSS 6.28%
  • Veröffentlicht 31.03.2025 16:15:25
  • Zuletzt bearbeitet 13.05.2025 13:36:27

OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials f...

4.6

CVE-2025-30149

Exploit
  • EPSS 0.28%
  • Veröffentlicht 31.03.2025 16:15:25
  • Zuletzt bearbeitet 30.04.2025 16:08:29

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This v...

6.1

CVE-2025-29772

Exploit
  • EPSS 0.23%
  • Veröffentlicht 31.03.2025 16:15:24
  • Zuletzt bearbeitet 13.05.2025 13:36:30

OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS...

7.5

CVE-2025-29789

Exploit
  • EPSS 0.83%
  • Veröffentlicht 25.03.2025 20:29:29
  • Zuletzt bearbeitet 06.05.2025 19:26:56

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.

9.8

CVE-2024-37734

Exploit
  • EPSS 0.8%
  • Veröffentlicht 26.06.2024 22:15:10
  • Zuletzt bearbeitet 01.05.2025 19:38:20

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

8.5

CVE-2012-0992

Exploit
  • EPSS 3.8%
  • Veröffentlicht 07.02.2012 21:55:03
  • Zuletzt bearbeitet 16.06.2026 23:38:37

interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.

3.5

CVE-2012-0991

Exploit
  • EPSS 11.26%
  • Veröffentlicht 07.02.2012 21:55:03
  • Zuletzt bearbeitet 16.06.2026 23:38:37

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) tr...

4.3

CVE-2007-0649

  • EPSS 6.17%
  • Veröffentlicht 01.02.2007 01:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:59

Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via t...

6.8

CVE-2006-5811

Exploit
  • EPSS 2.84%
  • Veröffentlicht 08.11.2006 23:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:55

PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter.