2 matches found
CVE-2017-16540
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...
CVE-2017-16540
OpenEMR before 5.0.0 Patch 5 is vulnerable. setup.php exposes a cloning function that allows unauthenticated remote copying of the OpenEMR database to an attacker-controlled MySQL server via a crafted state parameter. Affected: OpenEMR