OpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.
cb323afd4eb9936c8fd21b2415f3e7b565e714471a0bae50bb61af03fdd63c92OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.
f3e63ffea1416dffa063591f3a4d64e9cd1199687a6d7273f62fcad46fd75f81OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.
7d6123e4f92dbeac0fc04f7f189c4e37165184bded23fe55900d9c1c2944b65aOpenEMR version 5.0.1.3 authenticated remote shell upload exploit that leverages a vulnerability discovered in 2018.
c870808a4f9a9a137fcb679a6a3037401a0616eb79f037981dc723adf1f8b701OpenEMR version 5.0.17 path traversal exploit.
d922d48e6a0bee902e565673aa1c4471cc5327d78c48154ce121df3691d4e7acOpenEMR version 5.0.1.7 suffers from a path traversal vulnerability.
4137f1bcde3ba0b062231c438d7bd1885e04568f8cb1e019f5635288f2560b7dOpenEMR version 5.0.1.3 suffers from an authentication bypass vulnerability.
8c51ce9e83e8eaeca8c59755964b36c0b72aafd2cc7c8e64dc0a2971a327baadOpenEMR version 5.0.1.3 authenticated remote shell upload exploit.
1c976d82d20d572267256bdb0e89f3da86fd7a4937ea55c99df13535b3d1abf2OpenEMR version 5.0.0 authenticated remote shell upload exploit.
3477f1f072e94bd94017c7444dc3f0cdc0181bb156049e46ff8483d4de9bdca2OpenEMR version 5.0.2.1 remote code execution exploit that drops in a reverse shell.
19c8469e1f4adb849ff6cc14a09cddd215b6ce8699d9be7ed6adaccfcbba09c2OpenEMR version 4.1.0 remote SQL Injection exploit.
ccd74be3fd16945d3d2013767e5c44425bc689a37ff0209b75e8e1f23d50d9baOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
7f48877b7731f082b5433de3e5ae805d4a0f4a8de62daf8987025281c09c42aeOpenEMR version 5.0.1 suffers from a remote code execution vulnerability.
30c2dce13c4d30c1351faa3934ffc815807ae3f57ed30e9c09176e6fe07bef30OpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability.
cef69fb8f736848a842b3b4f42a6007301ace4c581b4522cb7c84afa0d549868OpenEMR version 5.0.1.3 suffers from arbitrary file read, write, and delete vulnerabilities.
e3013113e1a75a23ff07ff104eebc4f7e15d6667699b3fcf0f7297c2ed4ea905OpenEMR version 5.0.1.3 remote code execution exploit.
6cde9b6b4452f1d71b8fce2b7d11566e6e8265715df2dc588ac667c2a69e14a8OpenEMR versions 4.2.0 and 4.2.0 patch 1 suffer from an authentication bypass vulnerability.
a589315de279dd22ee99c036b36a4cfd6f70531f2f25bab5afeaec7ef31766f6openEMR version 4.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
136128c86a8cdf2ba34308166c5782a4d4d518a5c95d5d6c966b0e3831d31b38OpenEMR versions 4.1.2(7) and below suffer from multiple remote SQL injection vulnerabilities.
4de926af3b89e3942d0921fa00d1c8a989396aa79190f2ae6420dd84beedb669This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.
153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74OpenEMR version 4.1.1 Patch 14 suffers from remote shell upload and remote SQL injection vulnerabilities.
dd2bb2f9a5d3ce8ac7e4ee72e80cd42dbbbcb6ec9045c094bc63c0831a0f7e7aOpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
34d2a68eac35ef40f833eadd836730cb6db7a18c16f6872866a69898d3908187OpenEMR version 4.1.1 suffers from a cross site scripting vulnerability.
2794e272098c49fab5ad0608f9d0bb8abb46fa3cfb850da04587f0f744cfa619This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.
09f5efca41c484db706376ef3dfea164467c56c4d486e5b9040b98c0af8c332aOpenEMR version 4.1.1 suffers from an arbitrary file upload vulnerability in ofc_upload_image.php. Included is an exploit that triggers a reverse shell.
d0a9864906a133104e4d3b529af97354bc0bafe48d8e3362a233ef4042d769e6OpenEMR version 4.1.0 suffers from local file inclusion and arbitrary command execution vulnerabilities.
aeb45ca876c22fbb0b013302962406c9de617641da105d221405ecc194efebf2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed