# Exploit Title: Openemr 6.0.0 - Insecure direct object references # Date: 31/8/2021 # Exploit Author: Allen Enosh Upputori # Vendor Homepage: https://community.open-emr.org # Version: 6.0.0 # Tested on: Linux # CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone https://github.com/allenenosh/CVE-2021-40352