OpenEMR <= 5.0.1.4 XSS Vulnerabilities
OpenEMR is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OpenEMR Authentication Bypass Vulnerability
OpenEMR is medical practice management software that also supports electronic medical records (EMR). An authentication bypass vulnerability in portal/account/register.php in OpenEMR versions prior to 5.0.1.4 can be exploited by a remote attacker to access pages as a patient without authentication...
OpenEMR SQL Injection Vulnerability (CNVD-2018-17198)
OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...
CVE-2018-15154
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sleobsearch.php after modifying the "printcommand" global variable in interface/super/editglobals.php...
CVE-2018-15151
SQL injection vulnerability in interface/deidentificationforms/findcodepopup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'searchterm' parameter...
CVE-2018-15149
SQL injection vulnerability in interface/forms/eyemag/php/Anythingsimple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter...
Command injection
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemonframe.php after modifying the "hylafaxserver" global variable in interface/super/editglobals.php...
Command injection
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxdispatch.php after modifying the "hylafaxenscript" global variable in interface/super/editglobals.php...
CVE-2018-15149
SQL injection vulnerability in interface/forms/eyemag/php/Anythingsimple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter...
CVE-2018-15152
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/addediteventuser.php, (2) portal/findapptpopupuser.php, (3) portal/getallergies.php, (4) portal/getamendments.php, (5) portal/getlabresults.php, (6)...