322 matches found

Nuclei
added 2026/05/27 3:54 a.m. | 25 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. id: CVE-2018-19276 info: name: OpenMRS Platform 2.24.0 - Insecure Object...

CVSS 10 | AI score 7.6 | EPSS 0.93328
Exploits 10 | References 3

Veracode
added 2026/05/16 5:44 a.m. | 7 views

Server-Side Template Injection (SSTI)

OpenMRS is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of user-controlled input in Velocity templates within ConceptReferenceRange, which allows an attacker to inject template expressions and execute arbitrary code...

CVSS 9.1 | AI score 6 | EPSS 0.00057
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2026/05/16 5:34 a.m. | 8 views

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

CVSS 9.4 | AI score 6.2 | EPSS 0.00107
Exploits 1 | References 3 | Affected Software 1

NVD
added 2026/05/15 5:16 p.m. | 7 views

CVE-2026-41258

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

CVSS 9.1 | EPSS 0.00057
Exploits 0 | References 1

Cvelist
added 2026/05/15 4:13 p.m. | 33 views

CVE-2026-41258 OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

CVSS 9.1 | EPSS 0.00057
Exploits 0 | References 1

EUVD
added 2026/05/15 4:13 p.m. | 4 views

EUVD-2026-30558

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

CVSS 9.1 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 1

CVE
added 2026/05/15 4:13 p.m. | 7 views

CVE-2026-41258

OpenMRS Core prior to 2.7.9 and 2.8.6 is vulnerable to stored Velocity SSTI that leads to RCE. The issue occurs when evaluateCriteria() processes database-stored criteria as Velocity templates without sandboxing, with VelocityEngine initialized for logging only and no Secure Uberspector, allowing...

CVSS 9.1 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 1

Vulnrichment
added 2026/05/15 4:13 p.m. | 3 views

CVE-2026-41258 OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRange

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

CVSS 9.1 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 1

ATTACKERKB
added 2026/05/15 4:13 p.m. | 5 views

CVE-2026-41258

OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The...

CVSS 9.1 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2026/05/15 12:0 a.m. | 5 views

OpenMRS code injection vulnerability

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

CVSS 9.1 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 1

RedhatCVE
added 2026/05/07 8:21 p.m. | 4 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

CVSS 9.4 | AI score 6.5 | EPSS 0.00107
Exploits 1 | References 1

Snyk
added 2026/05/06 9:21 p.m. | 4 views

Directory Traversal

Overview org.openmrs.web:openmrs-web is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system EMR. Affected versions of this package are vulnerable to Directory Traversal via the WebModuleUtil.startModule function in POST...

CVSS 9.4 | AI score 6.4 | EPSS 0.00107
Exploits 1 | References 2

NVD
added 2026/05/06 8:16 p.m. | 2 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

CVSS 9.4 | EPSS 0.00107
Exploits 1 | References 1

Cvelist
added 2026/05/06 7:32 p.m. | 23 views

CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

CVSS 9.4 | EPSS 0.00107
Exploits 1 | References 1

ATTACKERKB
added 2026/05/06 7:32 p.m. | 4 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

CVSS 9.4 | AI score 6.5 | EPSS 0.00107
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/05/06 7:32 p.m. | 2 views

CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

CVSS 9.4 | AI score 6.5 | EPSS 0.00107
Exploits 1 | References 1

CVE
added 2026/05/06 7:32 p.m. | 5 views

CVE-2026-40076

OpenMRS Core (CVE-2026-40076) is vulnerable to Zip Slip via the module upload REST endpoint (POST /openmrs/ws/rest/v1/module). The flaw is in WebModuleUtil.startModule(): ZIP entries under web/module/ are written without normalizing paths, allowing traversal like web/module/foo/../../../../evil.j...

CVSS 9.4 | AI score 6.5 | EPSS 0.00107
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2026/05/06 12:0 a.m. | 6 views

openmrs-core path traversal vulnerability

OpenMRS-core is an open-source electronic health record system developed by OpenMRS. Versions of OpenMRS-core prior to 2.7.8, as well as versions 2.8.0 to 2.8.5, have a path traversal vulnerability. This vulnerability stems from the module upload endpoint’s automatic decompression of .omod archiv...

CVSS 9.4 | AI score 6 | EPSS 0.00107
Exploits 1 | References 2

NVD
added 2026/05/05 10:16 p.m. | 5 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVSS 8.2 | EPSS 0.00088
Exploits 1 | References 1

CVE
added 2026/05/05 9:25 p.m. | 6 views

CVE-2026-40075

OpenMRS Core <2.8.6 and 2.8.0–2.8.5 exposes a path traversal in ModuleResourcesServlet (/openmrs/moduleResources/{moduleid}) due to unsafe path construction without normalization, allowing unauthenticated reading of arbitrary files (e.g., /etc/passwd). Tomcat

CVSS 8.2 | AI score 6 | EPSS 0.00088
Exploits 1 | References 1 | Affected Software 1