3 matches found
CVE-2022-23612
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
CVE-2022-23612
OpenMRS suffers a directory traversal vulnerability in the startup filter that can allow an attacker to exfiltrate arbitrary files accessible to the OpenMRS user. Affected OpenMRS Core versions are 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3; mitigations include updating to the latest patch version for ...