3 matches found
CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1...
CVE-2022-1459 Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1...
CVE-2022-1459
CVE-2022-1459 affects OpenEMR prior to 6.1.0.1. The issue is an Insecure Direct Object Reference that allows a non-privilege user to view patient disclosures via the OpenEMR web interface (example endpoint: interface/patient_file/summary/record_disclosure.php?editlid=…). This exposes confidential...