5 matches found

RedhatCVE
added 2025/05/23 9:24 a.m. · 1 views

CVE-2024-37734

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter...

9.8 CVSS · 6 AI score · 0.03709 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/06/26 12:0 a.m. · 2 views

PT-2024-27726 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR version 7.0.2
Description: An issue in OpenEMR allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter.
Recommendations: For OpenEMR version 7.0.2, as a temporary workaround, consider...

9.8 CVSS · 7.3 AI score · 0.03709 EPSS
Exploits: 1 · References: 6
Cvelist
added 2024/06/26 12:0 a.m. · 18 views

CVE-2024-37734

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter...

0.03709 EPSS
Exploits: 1 · References: 2
0day.today
added 2021/09/06 12:0 a.m. · 132 views

OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability

Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR
Exploit Author: Allen Enosh Upputori
Vendor Homepage: https://www.open-emr.org
Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads
Version: 6.0.0
Tested on: Linux
CVE : CVE-2021-40352
How to Reproduc...

6.5 CVSS · 0.04642 EPSS
Exploits: 4
CVE
added 2021/09/01 12:20 p.m. · 92 views

CVE-2021-40352

OpenEMR 6.0.0 is affected by CVE-2021-40352 due to an insecure direct object reference in pnotes_print.php?noteid= that allows reading other users’ messages (IDOR). Exploitation PoCs exist (e.g., PoC notes/public exploits show changing noteid to access others’ messages, including admin messages)....

6.5 CVSS · 6.2 AI score · 0.04642 EPSS
Exploits: 4 · References: 3 · Affected Software: 1