8 matches found
EUVD-2022-24517
Malicious code in bioql PyPI...
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
Design/Logic Flaw
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in openemr/openemr
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2022-1177
OpenEMR contains an insecure direct object reference in interface/patient_file/report/custom_report.php (pre-6.1.0). An authenticated user can manipulate the Issue_7 parameter to download arbitrary patient reports, exposing sensitive data. The issue is tracked as CVE-2022-1177 and is documented a...
CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in openemr/openemr
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
Accounting User Can Download Patient Reports in openemr
Vulnerability Type: Insecure Direct Object Reference; Affected URL: https://localhost/openemr/interface/patient_file/report/custom_report.php; Affected Parameters: “Issue_7”; Authentication Required? Yes; Issue Summary: Non-privileged users accounting & front-office can download patient reports containing...