Open-Emr: Security Vulnerabilities
OpenEMR v5.0.1-6 allows code execution.
CVSS Score: 7.2; EPSS Score: 0.004; Published: 2019-09-16
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
CVSS Score: 8.8; EPSS Score: 0.536; Published: 2019-08-20
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
CVSS Score: 6.5; EPSS Score: 0.333; Published: 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score: 6.1; EPSS Score: 0.215; Published: 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score: 6.1; EPSS Score: 0.215; Published: 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score: 6.1; EPSS Score: 0.289; Published: 2019-08-20
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score: 6.1; EPSS Score: 0.289; Published: 2019-08-20
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable by the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from the server.
CVSS Score: 8.8; EPSS Score: 0.785; Published: 2019-08-13
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
CVSS Score: 9.8; EPSS Score: 0.021; Published: 2019-08-02
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
CVSS Score: 9.8; EPSS Score: 0.117; Published: 2019-05-17

