cvebase

Open-Emr Openemr vulnerabilities

216 known vulnerabilities affecting open-emr/openemr.

Total CVEs: 216
CISA KEV: 0
Public exploits: 20
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 80, MEDIUM 120, LOW 2

Vulnerabilities

Page 1 of 11
CVE-2019-14530 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 5.0.2 | 2019-08-13
CVE-2019-14530 [HIGH] CWE-22: An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted fro
nvd
CVE-2018-15152 | P2 | CRITICAL | CVSS 9.1 | PoC | fixed in 5.0.1.4 | 2018-08-15
CVE-2018-15152 [CRITICAL] CWE-287: Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/
nvd
CVE-2018-15139 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 5.0.1.4 | 2018-08-13
CVE-2018-15139 [HIGH] CWE-434: Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
nvd
CVE-2018-15142 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 5.0.1.4 | 2018-08-13
CVE-2018-15142 [HIGH] CWE-22: Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
nvd
CVE-2017-9380 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 5.0.0 | 2017-06-02
CVE-2017-9380 [HIGH] CWE-434: OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
nvd
CVE-2023-2948 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 7.0.1 | 2023-05-28
CVE-2023-2948 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
nvd
CVE-2022-2733 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 7.0.0.1 | 2022-08-09
CVE-2022-2733 [MEDIUM] CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
nvd
CVE-2013-10044 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 4.1.1 | 2025-08-01
CVE-2013-10044 [HIGH] CWE-89: An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and it
nvd
CVE-2018-17179 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 5.0.1.7 | 2019-05-17
CVE-2018-17179 [CRITICAL] CWE-89: An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php.
nvd
CVE-2020-36243 | P2 | HIGH | CVSS 8.8 | v5.0.2.1 | 2021-02-07
CVE-2020-36243 [HIGH] CWE-78: The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters.
nvd
CVE-2018-15153 | P2 | HIGH | CVSS 8.8 | fixed in 5.0.1.4 | 2018-08-15
CVE-2018-15153 [HIGH] CWE-78: OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.
nvd
CVE-2020-19364 | P2 | HIGH | CVSS 8.8 | v5.0.1 | 2021-01-20
CVE-2020-19364 [HIGH] CWE-434: OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
nvd
CVE-2018-15140 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 5.0.1.4 | 2018-08-13
CVE-2018-15140 [MEDIUM] CWE-22: Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get.
nvd
CVE-2018-15141 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 5.0.1.4 | 2018-08-13
CVE-2018-15141 [MEDIUM] CWE-22: Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete.
nvd
CVE-2012-2115 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 4.1.0, v3.1.0, +2 more | 2012-09-09
CVE-2012-2115 [HIGH] CWE-89: SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
nvd
CVE-2026-24848 | P2 | CRITICAL | CVSS 9.9 | fixed in 7.0.4 | 2026-03-03
CVE-2026-24848 [CRITICAL] CWE-22: OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerability can be exploited to achieve Remote Code Execution
nvd
CVE-2017-16540 | P3 | HIGH | CVSS 7.5 | PoC | fixed in 5.0.0 | 2017-11-04
CVE-2017-16540 [HIGH] CWE-200: OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
nvd
CVE-2026-24849 | P3 | MEDIUM | CVSS 6.5 | PoC | fixed in 7.0.4 | 2026-02-25
CVE-2026-24849 [MEDIUM] CWE-22: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the `disposeDocument()` method in `EtherFaxActions.php` allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user (regardless of privilege level) can exploit this vulnerability to
nvd
CVE-2021-40352 | P3 | MEDIUM | CVSS 6.5 | PoC | v6.0.0 | 2021-09-01
CVE-2021-40352 [MEDIUM] CWE-639: OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
nvd
CVE-2011-5161 | P3 | MEDIUM | CVSS 6.8 | PoC | v4.0.0, v4.1.0, +1 more | 2012-09-09
CVE-2011-5161 [MEDIUM]: Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
nvd