4 matches found
EUVD-2026-13158
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient...
PT-2026-26288
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0.2 Description OpenEMR is a free and open source electronic health records and medical practice management application. A command injection issue exists in the backup functionality due to insufficient input...
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Summary 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...
GHSA-CR3W-CW5W-H3FJ Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Summary 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...