Shodan
Vulnerabilities
Vulnerable Software
Open-Emr:  >> Openemr  >> 5.0.1.1  Security Vulnerabilities
CVE-2019-17409
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVSS Score
6.1
EPSS Score
0.019
Published
2019-10-21
CVE-2019-17197
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-05
CVE-2019-17179
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
CVSS Score
6.1
EPSS Score
0.021
Published
2019-10-04
CVE-2019-14530
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
CVSS Score
8.8
EPSS Score
0.791
Published
2019-08-13
CVE-2019-14529
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
CVSS Score
9.8
EPSS Score
0.021
Published
2019-08-02
CVE-2018-17179
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
CVSS Score
9.8
EPSS Score
0.084
Published
2019-05-17
CVE-2018-17180
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-05-17
CVE-2018-17181
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-05-17
CVE-2018-18035
A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
CVSS Score
6.1
EPSS Score
0.025
Published
2019-04-02
CVE-2018-15154
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.
CVSS Score
8.8
EPSS Score
0.088
Published
2018-08-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved