CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2011-5160 – OpenEMR 4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5160
09 Sep 2012 — Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenEMR v4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro site. • https://www.exploit-db.com/exploits/18274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3CVE-2012-0992 – OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution
https://notcve.org/view.php?id=CVE-2012-0992
07 Feb 2012 — interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. interface/fax/fax_dispatch.php en OpenEMR v4.1.0, permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de metacaracteres de linea de comandos en el parámetro file. • https://www.exploit-db.com/exploits/36651 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 6CVE-2012-0991 – OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-0991
07 Feb 2012 — Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. Múltiples vulnerabilidades de salto de directorio en OpenEMR v4.1.0, permite a usuarios autenticados remotamente leer archivos de su elección a través de un .. (punto punto) en el parámetro formname en (1) contri... • https://www.exploit-db.com/exploits/36650 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •