11 matches found
Openemr-4.1.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Openemr-4.1.0 SQL injection Vulnerability Date: 2011/10/18 Author: I2sec-dae jin Oh Software Link: http://sourceforge.net/projects/openemr/files/OpenEMR%20Current/4.1.0/openemr-4.1.0.zip/download Vendor : www.open-emr.com Version: Openemr-4.1.0...
CVE-2012-2115
CVE-2012-2115 affects OpenEMR (interface/login/validateUser.php) where SQL injection via the u parameter allows remote attackers to execute arbitrary SQL commands. Affected: OpenEMR 4.1.0 and possibly earlier. Root cause: unsafely constructed SQL from user input. Impact: partial confidentiality/i...
CVE-2012-0992
interface/fax/faxdispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter...
Code injection
interface/fax/faxdispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter...
Directory traversal
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter...
CVE-2012-0992
interface/fax/faxdispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2012-0991
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter...
OpenEMR 4.1.0 LFI and Command Injection Vulnerabilities - Active Check
OpenEMR is prone to local file include LFI and command injection vulnerabilities because it fails to properly sanitize user supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Openemr-4.1.0 - SQL Injection
Openemr-4.1.0 - SQL Injection Exploit Title: Openemr-4.1.0 SQL injection Vulnerability Date: 2011/10/18 Author: I2sec-dae jin Oh Software Link: http://sourceforge.net/projects/openemr/files/OpenEMR%20Current/4.1.0/openemr-4.1.0.zip/download Vendor : www.open-emr.com Version: Openemr-4.1.0 Tested...
Openemr 4.1.0 SQL Injection
Exploit Title: Openemr-4.1.0 SQL injection Vulnerability Date: 2011/10/18 Author: I2sec-dae jin Oh Software Link: http://sourceforge.net/projects/openemr/files/OpenEMR%20Current/4.1.0/openemr-4.1.0.zip/download Vendor : www.open-emr.com Version: Openemr-4.1.0 Tested on: Windows 7...
Openemr-4.1.0 - SQL Injection
Exploit Title: Openemr-4.1.0 SQL injection Vulnerability Date: 2011/10/18 Author: I2sec-dae jin Oh Software Link: http://sourceforge.net/projects/openemr/files/OpenEMR%20Current/4.1.0/openemr-4.1.0.zip/download Vendor : www.open-emr.com Version: Openemr-4.1.0 Tested on: Windows 7...