Lucene search
Allen Enosh UpputoriPACKETSTORM:164011HistorySep 01, 2021 - 12:00 a.m.
OpenEMR 6.0.0 Insecure Direct Object Reference
2021-09-0100:00:00
Allen Enosh Upputori
packetstormsecurity.com
120
0.009 Low
EPSS
Percentile
83.0%
`# Exploit Title: Openemr 6.0.0 - Insecure direct object references
# Date: 31/8/2021
# Exploit Author: Allen Enosh Upputori
# Vendor Homepage: https://community.open-emr.org
# Version: 6.0.0
# Tested on: Linux
# CVE: 2021-40352
PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone
https://github.com/allenenosh/CVE-2021-40352
`
Related
prion
prion
Design/Logic Flaw
2021-09-01 13:15:00
githubexploit
githubexploit
osv
osv
CVE-2021-40352
2021-09-01 13:15:08
openvas
openvas
OpenEMR <= 7.0.0 IDOR Vulnerability
2021-09-21 00:00:00
cvelist
cvelist
CVE-2021-40352
2021-09-01 12:20:41
nvd
nvd
CVE-2021-40352
2021-09-01 13:15:08
cve
cve
CVE-2021-40352
2021-09-01 13:15:08
zdt
zdt
OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability
2021-09-06 00:00:00
exploitdb
exploitdb
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
2021-09-06 00:00:00