2 matches found
OpenEMR globals.php Authentication Bypass (CVE-2015-4453)
An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...
CVE-2015-4453
OpenEMR vulnerable component: interface/globals.php. Root cause: a bug in the implementation of the legacy (fake) register_globals handling allows an ignoreAuth=1 parameter to bypass authentication. Affected versions: OpenEMR 2.x, 3.x, and 4.x up to 4.2.0 patch 2. Impact: remote attackers can acc...