10 matches found
Design/Logic Flaw
An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...
CVE-2022-25471
An Insecure Direct Object Reference IDOR vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zendmodules/public/Installer/register...
CVE-2022-25471
CVE-2022-25471 : OpenEMR 6.0.0 contains an Insecure Direct Object Reference (IDOR). An authenticated attacker can access and modify unauthorized areas by sending a crafted POST to /modules/zend_modules/public/Installer/register. Root cause stated as IDOR; no exploit details or fixes are provided ...
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference IDOR Date: 31/08/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://www.open-emr.org Software Link: https://www.open-emr.org/wiki/index.php/OpenEMRDownloads Version: 6.0.0 Tested on: Linux CVE : CVE-2021-4035...
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
Design/Logic Flaw
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
OpenEMR 6.0.0 Insecure Direct Object Reference
Exploit Title: Openemr 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages with were sent to other...
UBUNTU-CVE-2020-13565
An open redirect vulnerability exists in the returnpage redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide...
CVE-2020-13565
CVE-2020-13565 affects phpGACL 3.3.7, OpenEMR 5.0.2, and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). The vulnerability is an open redirect in the return_page redirection functionality. A specially crafted HTTP request can cause redirects to an arbitrary UR...