Lucene search
High-Tech Bridge SAEDB-ID:36648HistoryFeb 01, 2012 - 12:00 a.m.
OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion
2012-02-0100:00:00
High-Tech Bridge SA
www.exploit-db.com
18
source: https://www.securityfocus.com/bid/51788/info
OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the Web server process. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
OpenEMR 4.1.0 is vulnerable; other versions may also be affected.
http://www.example.com/interface/patient_file/encounter/trend_form.php?formname=../../../etc/passwd%00 Related
nuclei
nuclei
OpenEMR 4.1 - Local File Inclusion
2021-07-30 23:04:14
exploitdb
exploitdb
cve
cve
CVE-2012-0991
2012-02-07 21:55:03
prion
prion
Directory traversal
2012-02-07 21:55:00
nvd
nvd
CVE-2012-0991
2012-02-07 21:55:03
cvelist
cvelist
CVE-2012-0991
2012-02-07 21:00:00
htbridge
htbridge
Multiple vulnerabilities in OpenEMR
2012-01-11 00:00:00
openvas
openvas
OpenEMR Local File Include and Command Injection Vulnerabilities
2012-02-02 00:00:00
OpenEMR 4.1.0 LFI and Command Injection Vulnerabilities
2012-02-02 00:00:00