CVE-2020-13569
Published: 2021-01-28
Priority: P3 (50) · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 3.03% (85.8th percentile)
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | — | — |
| open-emr | openemr | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
No detection rules found.
No public exploits indexed.
Talos reference: [MEDIUM] Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class (blogs_talos · 2021-01-27 · CVSS 6.1)
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, medical practice management software written in PHP. phpGACL is a PHP library that allows developers to implement permission systems via a Generic Access Control List. An adversary could exploit these vulnerabilities by sending the target machine a specially crafted, malicious HTTP request or URL.
In accordance with our coordinated disclosure policy, Cisco Talos worked with phpGACL and OpenEMR to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
phpGACL template multiple cross-site scripting vulnerabilit