Lucene search
CVE-2018-16795
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/supe..
Show more
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | CVE-2018-16795 | 31 Dec 202003:15 | – | nvd |
 | CVE-2018-16795 | 31 Dec 202003:15 | – | osv |
 | Cross site request forgery (csrf) | 31 Dec 202003:15 | – | prion |
 | CVE-2018-16795 | 31 Dec 202002:32 | – | cvelist |
 | OpenEMR Cross-Site Request Forgery Vulnerability | 6 Jan 202100:00 | – | cnvd |
| Source | Link |
|---|---|
| open-emr | www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf |
| community | www.community.open-emr.org/t/openemr-security/10597 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| file | path | /interface/super/manage_site_files.php | Vulnerable endpoint that allows uploading of files, including .php files which may lead to remote code execution. | CWE-352 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo31 Dec 2020 03:15Current
8.8High risk
Vulners AI Score8.8
CVSS26.8
CVSS38.8
EPSS0.00293