Search...

CVE-2018-15146

2018-08-15T17:29:00

ID CVE-2018-15146
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T16:41:00

Description

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.

JSON Vulners Source

Initial Source

{"id": "CVE-2018-15146", "bulletinFamily": "NVD", "title": "CVE-2018-15146", "description": "SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.", "published": "2018-08-15T17:29:00", "modified": "2018-10-11T16:41:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15146", "reporter": "cve@mitre.org", "references": ["https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", "https://github.com/openemr/openemr/pull/1757/files", "https://insecurity.sh/reports/openemr.pdf"], "cvelist": ["CVE-2018-15146"], "type": "cve", "lastseen": "2021-02-02T06:52:29", "edition": 6, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310112356"]}], "modified": "2021-02-02T06:52:29", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-02-02T06:52:29", "rev": 2}, "vulnersScore": 7.1}, "cpe": ["cpe:/a:open-emr:openemr:5.0.1.3"], "affectedSoftware": [{"cpeName": "open-emr:openemr", "name": "open-emr openemr", "operator": "le", "version": "5.0.1.3"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:open-emr:openemr:5.0.1.3:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:open-emr:openemr:5.0.1.3:*:*:*:*:*:*:*", "versionEndIncluding": "5.0.1.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/openemr/openemr/pull/1757/files", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "https://github.com/openemr/openemr/pull/1757/files"}, {"name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"}, {"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"}, {"name": "https://insecurity.sh/reports/openemr.pdf", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://insecurity.sh/reports/openemr.pdf"}]}

{"openvas": [{"lastseen": "2019-08-07T14:47:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-15139", "CVE-2018-15152", "CVE-2018-15155", "CVE-2018-15153", "CVE-2018-15144", "CVE-2018-15148", "CVE-2018-15149", "CVE-2018-15141", "CVE-2018-15145", "CVE-2018-15147", "CVE-2018-15143", "CVE-2018-15142", "CVE-2018-15140", "CVE-2018-15146", "CVE-2018-15150", "CVE-2018-15154", "CVE-2018-15151", "CVE-2018-15156"], "description": "This host is running OpenEMR and is\n prone to multiple vulnerabilities.", "modified": "2019-08-06T00:00:00", "published": "2018-08-14T00:00:00", "id": "OPENVAS:1361412562310112356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112356", "type": "openvas", "title": "OpenEMR < 5.0.1.4 Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# OpenEMR < 5.0.1.4 Multiple Vulnerabilities\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112356\");\n script_version(\"2019-08-06T09:01:24+0000\");\n script_cve_id(\"CVE-2018-15139\", \"CVE-2018-15140\", \"CVE-2018-15141\",\n \"CVE-2018-15142\", \"CVE-2018-15143\", \"CVE-2018-15144\", \"CVE-2018-15145\",\n \"CVE-2018-15146\", \"CVE-2018-15147\", \"CVE-2018-15148\", \"CVE-2018-15149\",\n \"CVE-2018-15150\", \"CVE-2018-15151\", \"CVE-2018-15152\", \"CVE-2018-15153\",\n \"CVE-2018-15154\", \"CVE-2018-15155\", \"CVE-2018-15156\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-08-06 09:01:24 +0000 (Tue, 06 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-08-14 09:22:33 +0200 (Tue, 14 Aug 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_name(\"OpenEMR < 5.0.1.4 Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenEMR and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws consist of multiple SQL injection vulnerabilities,\n directory traversal vulnerabilities, OS command injection vulnerabilities, an authentication bypass vulnerability\n and an unrestricted file upload vulnerability.\");\n\n script_tag(name:\"affected\", value:\"OpenEMR versions before 5.0.1.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OpenEMR version 5.0.1.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/\");\n script_xref(name:\"URL\", value:\"https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485\");\n script_xref(name:\"URL\", value:\"https://github.com/openemr/openemr/pull/1765/files\");\n script_xref(name:\"URL\", value:\"https://github.com/openemr/openemr/pull/1758/files\");\n script_xref(name:\"URL\", value:\"https://github.com/openemr/openemr/pull/1757/files\");\n script_xref(name:\"URL\", value:\"https://insecurity.sh/reports/openemr.pdf\");\n script_xref(name:\"URL\", value:\"https://www.open-emr.org/wiki/index.php/OpenEMR_Patches\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_openemr_detect.nasl\");\n script_mandatory_keys(\"openemr/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nCPE = \"cpe:/a:open-emr:openemr\";\n\nif( ! port = get_app_port( cpe: CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[ 'version' ];\nlocation = infos[ 'location' ];\n\nif( version_is_less( version: version, test_version: \"5.0.1-4\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.0.1-4\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}