CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2011-5161 – OpenEMR 4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5161
09 Sep 2012 — Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. Vulnerabilidad de subida de ficheros sin restricciones en la funcionalidad fotografía de paciente en OpenEMR v4, permite a atacantes remotos ejecutar código PHP de su elección mediante la carga de un archi... • https://www.exploit-db.com/exploits/18274 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2011-5160 – OpenEMR 4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-5160
09 Sep 2012 — Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenEMR v4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro site. • https://www.exploit-db.com/exploits/18274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •