Lucene search

[email protected]CVE-2012-0991

HistoryFeb 07, 2012 - 9:55 p.m.

CVE-2012-0991

2012-02-0721:55:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

directory traversal

openemr

vulnerability

nvd

security

remote authenticated users

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.727 High

EPSS

Percentile

98.1%

JSON

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a … (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

Affected configurations

NVD

Node

openemropenemrMatch4.1.0

CPENameOperatorVersion
openemr:openemropenemreq4.1.0

CPE	Name	Operator	Version
openemr:openemr	openemr	eq	4.1.0

References

archives.neohapsis.com/archives/bugtraq/2012-02/0004.html

osvdb.org/78727

osvdb.org/78728

osvdb.org/78729

osvdb.org/78730

secunia.com/advisories/47781

www.open-emr.org/wiki/index.php/OpenEMR_Patches

www.securityfocus.com/bid/51788

exchange.xforce.ibmcloud.com/vulnerabilities/72914

www.htbridge.ch/advisory/HTB23069

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.727 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2012-0991

nuclei1 prion1 nvd1 cvelist1 htbridge1 openvas2