Openemr@5.0.2.1 Security Vulnerabilities and Issues — Openemr@5.0.2.1 CVE List

Lucene search

Open-emrOpenemr5.0.2.1

4 matches found

CVE•added 2021/02/07 8:15 p.m.•88 views

CVE-2020-36243

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.

9CVSS8.9AI score0.85885EPSS

CVE•added 2021/05/07 4:15 a.m.•42 views

CVE-2021-32101

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulat...

8.2CVSS8.1AI score0.00217EPSS

CVE•added 2021/05/07 4:15 a.m.•41 views

CVE-2021-32104

A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.

8.8CVSS9AI score0.00024EPSS

CVE•added 2021/05/07 4:15 a.m.•32 views

CVE-2021-32102

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

8.8CVSS9AI score0.00024EPSS