Lucene search
Allen Enosh Upputori1337DAY-ID-36714HistorySep 06, 2021 - 12:00 a.m.
OpenEMR 6.0.0 - (noteid) Insecure Direct Object Reference Vulnerability
2021-09-0600:00:00
Allen Enosh Upputori
0day.today
101
0.009 Low
EPSS
Percentile
83.0%
# Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
# Exploit Author: Allen Enosh Upputori
# Vendor Homepage: https://www.open-emr.org
# Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads
# Version: 6.0.0
# Tested on: Linux
# CVE : CVE-2021-40352
How to Reproduce this Vulnerability:
1. Install Openemr 6.0.0
2. Login as an Physician
3. Open Messages
4. Click Print
5. Change the existing "noteid=" value to another number
This will reveal everybodys messages Incuding Admin only Messages
Related
osv
osv
CVE-2021-40352
2021-09-01 13:15:08
openvas
openvas
OpenEMR <= 7.0.0 IDOR Vulnerability
2021-09-21 00:00:00
cvelist
cvelist
CVE-2021-40352
2021-09-01 12:20:41
githubexploit
githubexploit
prion
prion
Design/Logic Flaw
2021-09-01 13:15:00
nvd
nvd
CVE-2021-40352
2021-09-01 13:15:08
cve
cve
CVE-2021-40352
2021-09-01 13:15:08
packetstorm
packetstorm
OpenEMR 6.0.0 Insecure Direct Object Reference
2021-09-01 00:00:00
exploitdb
exploitdb
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
2021-09-06 00:00:00