OpenEMR 6.0.0 Insecure Direct Object Reference

OpenEMR 6.0.0 Insecure Direct Object Reference: Posted Sep 1, 2021; Authored by Allen Enosh Upputori; OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.; tags | exploit; advisories | CVE-2021-40352; SHA-256 | 7d6123e4f92dbeac0fc04f7f189c4e37165184bded23fe55900d9c1c2944b65a; Download | Favorite | View

OpenEMR 6.0.0 Insecure Direct Object Reference

# Exploit Title: Openemr 6.0.0 - Insecure direct object references 
# Date: 31/8/2021 
# Exploit Author: Allen Enosh Upputori 
# Vendor Homepage: https://community.open-emr.org 
# Version: 6.0.0 
# Tested on: Linux 
# CVE: 2021-40352 

PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone 

https://github.com/allenenosh/CVE-2021-40352

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 63 files
Debian 21 files
LiquidWorm 14 files
Apple 9 files
Gentoo 8 files
Alter Prime 3 files
EQSTLab 2 files
Yehia Elghaly 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,168)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,979)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,006)
UNIX (9,479)
UnixWare (188)
Windows (6,785)
Other

OpenEMR 6.0.0 Insecure Direct Object Reference

OpenEMR 6.0.0 Insecure Direct Object Reference

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OpenEMR 6.0.0 Insecure Direct Object Reference

Share This

OpenEMR 6.0.0 Insecure Direct Object Reference

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems