4 matches found
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2022-1177
creationtimestamp| type| source
---|---|---
2022-03-30 14:12:11+00:00| seen| https://t.me/cibsecurity/39800
2024-01-09 09:07:01+00:00| published-proof-of-concept| https://t.me/arpsyndicate/2738...
CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in openemr/openemr
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2022-1177
OpenEMR contains an insecure direct object reference in interface/patient_file/report/custom_report.php (pre-6.1.0). An authenticated user can manipulate the Issue_7 parameter to download arbitrary patient reports, exposing sensitive data. The issue is tracked as CVE-2022-1177 and is documented a...