Open-Emr: Security Vulnerabilities
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-01-28
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
CVSS Score
8.8
EPSS Score
0.007
Published
2021-01-20
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-12-31
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-10-21
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
CVSS Score
6.1
EPSS Score
0.063
Published
2019-10-21
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter.
CVSS Score
6.1
EPSS Score
0.019
Published
2019-10-21
OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-05
4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1
CVSS Score
6.1
EPSS Score
0.021
Published
2019-10-04
OpenEMR v5.0.1-6 allows XSS.
CVSS Score
6.1
EPSS Score
0.423
Published
2019-09-16
OpenEMR v5.0.1-6 allows code execution.
CVSS Score
7.2
EPSS Score
0.008
Published
2019-09-16

