CVE-2012-0991
published 2012-02-07CVE-2012-0991: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname…
PriorityP430low3.5CVSS 2.0
AVNACMAuSCPINAN
EXPLOIT
EPSS
11.26%
95.4th percentile
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openemr | openemr | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
OpenEMR 4.1 - '/Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion
exploitdb·2012-02-01
CVE-2012-0991 OpenEMR 4.1 - '/Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion
OpenEMR 4.1 - '/Interface/patient_file/encounter/load_form.php?formname' Traversal Local File Inclusion
---
source: https://www.securityfocus.com/bid/51788/info
OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the Web server process. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
OpenEMR 4.1.0 is vulnerable; other versions may also be affected.
http://www.example.com/interface/patient_file/encounter/load_for
Exploit-DB
OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion
exploitdb·2012-02-01
CVE-2012-0991 OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion
OpenEMR 4.1 - '/Interface/patient_file/encounter/trend_form.php?formname' Traversal Local File Inclusion
---
source: https://www.securityfocus.com/bid/51788/info
OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the Web server process. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
OpenEMR 4.1.0 is vulnerable; other versions may also be affected.
http://www.example.com/interface/patient_file/encounter/trend_f
Exploit-DB
OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
exploitdb·2012-02-01
CVE-2012-0991 OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
---
source: https://www.securityfocus.com/bid/51788/info
OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the user running the application, obtain potentially sensitive information, and execute arbitrary local scripts in the context of the Web server process. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
OpenEMR 4.1.0 is vulnerable; other versions may also be affected.
http://www.example.com/contrib/acog/print_form.php?formname=../../../etc/passwd%00
Nuclei
OpenEMR 4.1 - Local File Inclusion
nuclei·CVSS 3.5
CVE-2012-0991 [LOW] OpenEMR 4.1 - Local File Inclusion
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
Template:
id: CVE-2012-0991
info:
name: OpenEMR 4.1 - Local File Inclusion
author: daffainfo
severity: low
description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
impact: |
Successful exploitation of this
http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.htmlhttp://osvdb.org/78727http://osvdb.org/78728http://osvdb.org/78729http://osvdb.org/78730http://secunia.com/advisories/47781http://www.open-emr.org/wiki/index.php/OpenEMR_Patcheshttp://www.securityfocus.com/bid/51788https://exchange.xforce.ibmcloud.com/vulnerabilities/72914https://www.htbridge.ch/advisory/HTB23069http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.htmlhttp://osvdb.org/78727http://osvdb.org/78728http://osvdb.org/78729http://osvdb.org/78730http://secunia.com/advisories/47781http://www.open-emr.org/wiki/index.php/OpenEMR_Patcheshttp://www.securityfocus.com/bid/51788https://exchange.xforce.ibmcloud.com/vulnerabilities/72914https://www.htbridge.ch/advisory/HTB23069
2012-02-07
Published