Lucene search

CVE-2018-15149

🗓️ 15 Aug 2018 17:01:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 32 Views🌐 WEB

CVE-2018-15149 SQL injection vulnerability in OpenEMR before 5.0.1.

Reporter	Title	Published	Views	Family All 6
Prion	Sql injection	15 Aug 201817:29	–	prion
NVD	CVE-2018-15149	15 Aug 201817:29	–	nvd
OSV	CVE-2018-15149	15 Aug 201817:29	–	osv
Cvelist	CVE-2018-15149	15 Aug 201817:00	–	cvelist
Dsquare	OpenEMR Anything_simple.php SQL Injection	18 Aug 201800:00	–	dsquare
OpenVAS	OpenEMR < 5.0.1.4 Multiple Vulnerabilities	14 Aug 201800:00	–	openvas

Nvd

Node

open-emr openemrRange≤5.0.1.3

Source	Link
github	www.github.com/openemr/openemr/pull/1757/files
open-emr	www.open-emr.org/wiki/index.php/OpenEMR_Patches
insecurity	www.insecurity.sh/reports/openemr.pdf
databreaches	www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/

Parameter	Position	Path	Description	CWE
encounter	query param	/interface/forms/eye_mag/php/Anything_simple.php	SQL injection vulnerability via encounter parameter in Anything_simple.php allows execution of arbitrary SQL commands.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Aug 2018 17:29Current

8.8High risk

Vulners AI Score8.8

CVSS26.5

CVSS38.8

EPSS0.00305

CWE-89