Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  >> Openemr  >> 5.0.1  Security Vulnerabilities
CVE-2018-15141
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
CVSS Score
6.5
EPSS Score
0.02
Published
2018-08-13
CVE-2018-15142
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
CVSS Score
8.8
EPSS Score
0.023
Published
2018-08-13
CVE-2018-15143
Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2018-08-13
CVE-2018-15144
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
CVSS Score
8.8
EPSS Score
0.0
Published
2018-08-13
CVE-2018-9250
interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.
CVSS Score
8.8
EPSS Score
0.554
Published
2018-05-18
CVE-2017-1000241
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.
CVSS Score
8.1
EPSS Score
0.006
Published
2017-11-17
CVE-2017-6394
Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved