Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  >> Openemr  >> 2.7  Security Vulnerabilities
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
CVSS Score
7.2
EPSS Score
0.001
Published
2021-02-15
CVE-2020-29143
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
CVSS Score
7.2
EPSS Score
0.001
Published
2021-02-15
CVE-2020-29139
A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.
CVSS Score
7.2
EPSS Score
0.001
Published
2021-02-15
CVE-2020-29142
A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.
CVSS Score
7.2
EPSS Score
0.001
Published
2021-02-15
CVE-2019-17197
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-05
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
CVSS Score
6.1
EPSS Score
0.021
Published
2019-10-04
CVE-2019-3968
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
CVSS Score
8.8
EPSS Score
0.607
Published
2019-08-20
CVE-2019-3967
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
CVSS Score
6.5
EPSS Score
0.343
Published
2019-08-20
CVE-2019-3963
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.267
Published
2019-08-20
CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVSS Score
6.1
EPSS Score
0.267
Published
2019-08-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved