Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  >> Openemr  >> 4.1.1  Security Vulnerabilities
CVE-2018-10572
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-04-30
CVE-2018-10573
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-04-30
CVE-2017-1000240
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-11-17
CVE-2017-9380
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-06-02
CVE-2015-4453
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.
CVSS Score
5.0
EPSS Score
0.409
Published
2015-07-05
CVE-2013-4619
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2013-08-09
CVE-2013-4620
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
CVSS Score
4.3
EPSS Score
0.011
Published
2013-08-09
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
CVSS Score
6.8
EPSS Score
0.018
Published
2012-09-09
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved