Lucene search

K
packetstormAllen Enosh UpputoriPACKETSTORM:164011
HistorySep 01, 2021 - 12:00 a.m.

OpenEMR 6.0.0 Insecure Direct Object Reference

2021-09-0100:00:00
Allen Enosh Upputori
packetstormsecurity.com
120

0.009 Low

EPSS

Percentile

83.0%

`# Exploit Title: Openemr 6.0.0 - Insecure direct object references   
# Date: 31/8/2021   
# Exploit Author: Allen Enosh Upputori   
# Vendor Homepage: https://community.open-emr.org   
# Version: 6.0.0   
# Tested on: Linux   
# CVE: 2021-40352   
  
PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone   
  
https://github.com/allenenosh/CVE-2021-40352   
  
`

0.009 Low

EPSS

Percentile

83.0%