Lucene search

6 matches found

CVE
added 2019/08/13 2:15 p.m., 122 views

CVE-2019-14530

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/def...

CVSS 8.8, AI score 7.2, EPSS 0.79098
Web
CVE
added 2019/08/02 2:15 p.m., 43 views

CVE-2019-14529

OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.

CVSS 9.8, AI score 9.9, EPSS 0.02108
CVE
added 2019/05/17 4:29 p.m., 42 views

CVE-2018-17179

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.

CVSS 9.8, AI score 9.9, EPSS 0.08357
Web
CVE
added 2019/04/02 10:29 p.m., 42 views

CVE-2018-18035

A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

CVSS 6.1, AI score 5.9, EPSS 0.02497
CVE
added 2019/05/17 4:29 p.m., 37 views

CVE-2018-17181

An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.

CVSS 9.8, AI score 9.9, EPSS 0.00012
CVE
added 2019/05/17 4:29 p.m., 30 views

CVE-2018-17180

An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.

CVSS 5.3, AI score 5.6, EPSS 0.00098
Web