OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 6.1.0 have an insecure direct object reference vulnerability. The vulnerability stems from the fact that user permissions are not checked in openemr/interface/patient_file/report/custom_report.php for all target objects accessed. Any authenticated attacker could exploit this vulnerability to download patient records by altering the “Issue_7” parameter to any valid number.
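The missing control is a per-object ownership check on every id a request names. The sketch below is an added illustration, not OpenEMR's code or its 6.1.0 fix; the `issue_<id>` key convention, the sample ownership map and all function names are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data: issue id => owning patient id (hypothetical schema).
function issueOwners(): array
{
    return [7 => 101, 8 => 101, 9 => 202];
}

// Assumed parameter convention: request keys shaped like "issue_<id>".
function requestedIssueIds(array $params): array
{
    $ids = [];
    foreach (array_keys($params) as $key) {
        if (preg_match('/^issue_(\d{1,9})$/i', (string) $key, $m)) {
            $ids[] = (int) $m[1];
        }
    }
    return array_values(array_unique($ids));
}

// Flawed pattern: confirms the object exists but never asks who owns it.
function selectIssuesUnchecked(array $params): array
{
    $owners = issueOwners();
    return array_values(array_filter(
        requestedIssueIds($params),
        fn (int $id): bool => array_key_exists($id, $owners)
    ));
}

// Hardened pattern: every target object must belong to the patient the
// session is already authorized for; one mismatch rejects the whole request.
function selectIssuesChecked(array $params, int $sessionPatientId): array
{
    $owners = issueOwners();
    $ids = requestedIssueIds($params);
    foreach ($ids as $id) {
        if (($owners[$id] ?? null) !== $sessionPatientId) {
            throw new RuntimeException("issue $id denied for patient $sessionPatientId");
        }
    }
    return $ids;
}

$params = ['issue_7' => '1', 'issue_9' => '1'];  // constructed request
print_r(selectIssuesUnchecked($params));         // includes another patient's issue
try {
    selectIssuesChecked($params, 101);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL; // issue 9 is owned by patient 202
}
```

Rejecting the whole request on the first mismatch, rather than silently dropping the foreign id, also gives the application a clean event to log and alert on.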
CPE | Name | Operator | Version
---|---|---|---
openemr | openemr | lt | 6.1.0