8 matches found
CVE-2021-32104
A SQL injection vulnerability exists with user privileges in interface/forms/eyemag/save.php in OpenEMR 5.0.2.1...
CVE-2021-32102
A SQL injection vulnerability exists with user privileges in library/customtemplate/ajaxcode.php in OpenEMR 5.0.2.1...
Code injection
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/machineconfig.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulat...
Sql injection
A SQL injection vulnerability exists with user privileges in library/customtemplate/ajaxcode.php in OpenEMR 5.0.2.1...
CVE-2021-32102
A SQL injection vulnerability exists with user privileges in library/customtemplate/ajaxcode.php in OpenEMR 5.0.2.1...
OpenEMR 5.0.2.1 Remote Code Execution
Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Date: 2020-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches...
Command injection
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters...
CVE-2020-36243
The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters...