Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/25 11:36 p.m.5 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:36 p.m.3 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/25 11:36 p.m.18 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931) : OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5CVSS5.8AI score0.00351EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/25 11:36 p.m.3 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5CVSS5.9AI score0.00351EPSS
Exploits1References5
NVD
NVD
added 2007/03/23 12:19 a.m.17 views

CVE-2007-1616

SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter...

7.5CVSS8.4AI score0.01224EPSS
Exploits0References6
Rows per page
Query Builder