Openemr@4.0.0 Security Vulnerabilities and Issues — Openemr@4.0.0 CVE List

Lucene search

Open-emrOpenemr4.0.0

4 matches found

CVE•added 2012/09/09 9:55 p.m.•41 views

CVE-2011-5160

Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.

4.3CVSS5.8AI score0.0016EPSS

CVE•added 2015/07/05 1:59 a.m.•37 views

CVE-2015-4453

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_searc...

5CVSS6.7AI score0.40869EPSS

CVE•added 2012/09/09 9:55 p.m.•31 views

CVE-2012-2115

SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.

7.5CVSS8.8AI score0.00152EPSS

CVE•added 2012/09/09 9:55 p.m.•28 views

CVE-2011-5161

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under docu...

6.8CVSS7.9AI score0.018EPSS