Open Emr Openemr

A Path Traversal in setup.php in OpenEMR < 7.0.0

CVE-2023-22974 7.5 - High - February 22, 2023

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Files or Directories Accessible to External Parties

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0

CVE-2023-22973 8.8 - High - February 22, 2023

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.

Directory traversal

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0

CVE-2023-22972 5.4 - Medium - February 22, 2023

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4733 4.8 - Medium - December 27, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4615 6.1 - Medium - December 19, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

XSS

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4567 8.1 - High - December 17, 2022

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

Authorization

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4506 8.8 - High - December 15, 2022

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

Unrestricted File Upload

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4505 4.3 - Medium - December 15, 2022

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.

Authorization

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4504 7.5 - High - December 15, 2022

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.

Improper Input Validation

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4503 6.1 - Medium - December 15, 2022

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.

XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4502 6.1 - Medium - December 15, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

XSS

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2824 5.4 - Medium - August 15, 2022

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2734 5.4 - Medium - August 09, 2022

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

Clickjacking

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2733 6.1 - Medium - August 09, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

XSS

Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2732 8.3 - High - August 09, 2022

Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.

Improper Privilege Management

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2731 6.1 - Medium - August 09, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

XSS

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2730 6.5 - Medium - August 09, 2022

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

Insecure Direct Object Reference / IDOR

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2729 5.4 - Medium - August 09, 2022

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

XSS

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

CVE-2022-2494 5.4 - Medium - July 22, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.

XSS

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

CVE-2022-2493 8.1 - High - July 22, 2022

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

CVE-2022-1461 6.5 - Medium - April 25, 2022

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.

Insecure Direct Object Reference / IDOR

Non-Privilege User Can View Patients Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

CVE-2022-1459 8.3 - High - April 25, 2022

Non-Privilege User Can View Patients Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.

Insecure Direct Object Reference / IDOR

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

CVE-2022-1458 5.4 - Medium - April 25, 2022

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.

XSS

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7

CVE-2020-13567 9.8 - Critical - April 18, 2022

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

SQL Injection

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

CVE-2022-1181 5.4 - Medium - March 30, 2022

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.

XSS

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVE-2022-1180 3.5 - Low - March 30, 2022

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

XSS

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVE-2022-1179 5.4 - Medium - March 30, 2022

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

XSS

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

CVE-2022-1178 5.4 - Medium - March 30, 2022

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.

XSS

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

CVE-2022-1177 4.3 - Medium - March 30, 2022

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

AuthZ

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

CVE-2022-24643 5.4 - Medium - March 25, 2022

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.

XSS

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.

CVE-2022-25041 4.3 - Medium - March 23, 2022

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.

Exposure of Resource to Wrong Sphere

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0

CVE-2022-25471 8.1 - High - March 03, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.

Insecure Direct Object Reference / IDOR

An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3

CVE-2021-41843 6.5 - Medium - December 17, 2021

An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.

SQL Injection

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability

CVE-2021-40352 6.5 - Medium - September 01, 2021

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

Insecure Direct Object Reference / IDOR

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit

CVE-2021-25923 8.1 - High - June 24, 2021

In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. If a malicious user is aware of the first 72 characters of the victim users password, he can leverage it to an account takeover.

Weak Password Requirements

A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.

CVE-2021-32104 8.8 - High - May 07, 2021

A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.

SQL Injection

A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1

CVE-2021-32103 4.8 - Medium - May 07, 2021

A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.

XSS

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

CVE-2021-32102 8.8 - High - May 07, 2021

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

SQL Injection

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php

CVE-2021-32101 8.2 - High - May 07, 2021

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient.

Incorrect Permission Assignment for Critical Resource

SQL injection vulnerabilities exist in phpGACL 3.3.7

CVE-2020-13566 8.8 - High - April 13, 2021

SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is Delete, the POST parameter delete_group leads to a SQL injection.

SQL Injection

SQL injection vulnerability exists in phpGACL 3.3.7

CVE-2020-13568 8.8 - High - April 13, 2021

SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is Submit, the POST parameter parent_id leads to a SQL injection.

SQL Injection

In OpenEMR

CVE-2021-25917 4.8 - Medium - March 22, 2021

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

XSS

In OpenEMR

CVE-2021-25918 4.8 - Medium - March 22, 2021

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

XSS

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly

CVE-2021-25919 4.8 - Medium - March 22, 2021

In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.

XSS

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user

CVE-2021-25920 6.5 - Medium - March 22, 2021

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.

Improper Handling of Case Sensitivity

In OpenEMR

CVE-2021-25921 5.4 - Medium - March 22, 2021

In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.

XSS

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly

CVE-2021-25922 6.1 - Medium - March 22, 2021

In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code.

XSS

A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5

CVE-2020-29139 7.2 - High - February 15, 2021

A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter.

SQL Injection

A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5

CVE-2020-29140 7.2 - High - February 15, 2021

A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

SQL Injection

A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5

CVE-2020-29143 7.2 - High - February 15, 2021

A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.

SQL Injection

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5

CVE-2020-29142 7.2 - High - February 15, 2021

A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings.

SQL Injection

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7

CVE-2020-13565 6.1 - Medium - February 10, 2021

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.

Open Redirect

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php

CVE-2020-36243 8.8 - High - February 07, 2021

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.

Shell injection

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7

CVE-2020-13564 6.1 - Medium - February 01, 2021

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.

XSS

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7

CVE-2020-13563 6.1 - Medium - February 01, 2021

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.

XSS

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7

CVE-2020-13562 6.1 - Medium - February 01, 2021

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnaerability in the phpGACL template action parameter.

XSS

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce)

CVE-2020-13569 8.8 - High - January 28, 2021

A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.

Session Riding

Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2

CVE-2019-16404 8.8 - High - October 21, 2019

Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.

SQL Injection

Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1

CVE-2019-16862 6.1 - Medium - October 21, 2019

Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.

XSS

Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.

CVE-2019-17409 6.1 - Medium - October 21, 2019

Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.

XSS

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php

CVE-2019-17197 9.8 - Critical - October 05, 2019

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.

SQL Injection

4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1

CVE-2019-17179 6.1 - Medium - October 04, 2019

4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1

XSS

OpenEMR v5.0.1-6 allows XSS.

CVE-2019-8368 6.1 - Medium - September 16, 2019

OpenEMR v5.0.1-6 allows XSS.

XSS

OpenEMR v5.0.1-6 allows code execution.

CVE-2019-8371 7.2 - High - September 16, 2019

OpenEMR v5.0.1-6 allows code execution.

Code Injection

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system

CVE-2019-3968 8.8 - High - August 20, 2019

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.

Shell injection

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter

CVE-2019-3963 6.1 - Medium - August 20, 2019

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

XSS

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter

CVE-2019-3964 6.1 - Medium - August 20, 2019

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

XSS

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter

CVE-2019-3965 6.1 - Medium - August 20, 2019

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

XSS

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter

CVE-2019-3966 6.1 - Medium - August 20, 2019

In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.

XSS

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw

CVE-2019-3967 6.5 - Medium - August 20, 2019

In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.

Directory traversal

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter

CVE-2019-14530 8.8 - High - August 13, 2019

An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.

Directory traversal

OpenEMR before 5.0.2

CVE-2019-14529 9.8 - Critical - August 02, 2019

OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.

SQL Injection

An issue was discovered in OpenEMR before 5.0.1 Patch 7

CVE-2018-17179 9.8 - Critical - May 17, 2019

An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.

SQL Injection

An issue was discovered in OpenEMR before 5.0.1 Patch 7

CVE-2018-17180 5.3 - Medium - May 17, 2019

An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.

Directory traversal

An issue was discovered in OpenEMR before 5.0.1 Patch 7

CVE-2018-17181 9.8 - Critical - May 17, 2019

An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php.

SQL Injection

A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could

CVE-2018-18035 6.1 - Medium - April 02, 2019

A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

XSS

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php

CVE-2018-1000218 5.4 - Medium - August 20, 2018

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..

XSS

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php

CVE-2018-1000219 5.4 - Medium - August 20, 2018

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..

XSS

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15146 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.

SQL Injection

SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4

CVE-2018-15147 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter.

SQL Injection

SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15148 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter.

SQL Injection

SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4

CVE-2018-15149 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter.

SQL Injection

SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15150 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php.

SQL Injection

SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15151 8.8 - High - August 15, 2018

SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.

SQL Injection

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15152 9.1 - Critical - August 15, 2018

Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.

authentification

OS command injection occurring in versions of OpenEMR before 5.0.1.4

CVE-2018-15153 8.8 - High - August 15, 2018

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

Shell injection

OS command injection occurring in versions of OpenEMR before 5.0.1.4

CVE-2018-15154 8.8 - High - August 15, 2018

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.

Shell injection

OS command injection occurring in versions of OpenEMR before 5.0.1.4

CVE-2018-15155 8.8 - High - August 15, 2018

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php.

Shell injection

OS command injection occurring in versions of OpenEMR before 5.0.1.4

CVE-2018-15156 8.8 - High - August 15, 2018

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

Shell injection

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15139 8.8 - High - August 13, 2018

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.

Unrestricted File Upload

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15140 6.5 - Medium - August 13, 2018

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.

Directory traversal

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15141 6.5 - Medium - August 13, 2018

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.

Directory traversal

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15142 8.8 - High - August 13, 2018

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.

Directory traversal

Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15143 9.8 - Critical - August 13, 2018

Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter.

SQL Injection

SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15144 8.8 - High - August 13, 2018

SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.

SQL Injection

Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4

CVE-2018-15145 9.8 - Critical - August 13, 2018

Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter.

SQL Injection

interface\super\edit_list.php in OpenEMR before v5_0_1_1

CVE-2018-9250 8.8 - High - May 18, 2018

interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter.

SQL Injection

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1

CVE-2018-10571 6.1 - Medium - April 30, 2018

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php.

XSS

interface/patient_file/letter.php in OpenEMR before 5.0.1

CVE-2018-10572 6.5 - Medium - April 30, 2018

interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.

interface/fax/fax_dispatch.php in OpenEMR before 5.0.1

CVE-2018-10573 8.8 - High - April 30, 2018

interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.