CVSS: 8.8EPSS: 41%CPEs: 1EXPL: 6CVE-2019-14530 – OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
https://notcve.org/view.php?id=CVE-2019-14530
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. Se descubrió un problema en custom / ajax_download.php en OpenEMR antes de 5.0.2 a través del parámetro fileName. Un atacante puede descargar cualquier de archivo (que pueda leer el usuario www-data) del almacenamiento del servidor. • https://www.exploit-db.com/exploits/50037 https://github.com/sec-it/exploit-CVE-2019-14530 https://github.com/Wezery/CVE-2019-14530 http://packetstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.html http://packetstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.html https://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-14530-Exploit https://github.com/openemr/openemr/pull/2592 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14529
https://notcve.org/view.php?id=CVE-2019-14529
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. OpenEMR anterior a versión 5.0.2, permite la inyección SQL en el archivo interface/forms/eye_mag/save.php. • https://github.com/Wezery/CVE-2019-14529 https://github.com/openemr/openemr/pull/2592 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17181
https://notcve.org/view.php?id=CVE-2018-17181
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. Un problema fue descubierto en OpenEMR antes de 5.0.1 Patch 7. La SQL Injection existe en las funciones SaveAudit en /portal/lib/paylib.php y portalAudit en /portal/lib/appsql.class.php. • https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17180
https://notcve.org/view.php?id=CVE-2018-17180
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. Un problema fue descubierto en OpenEMR antes de la versión 5.0.1 del Patch 7 . Directory Traversal existe por medio de docid = .. / to /portal/lib/download_template.php. • https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-17179 – OpenEMR 5.0.1 Patch 6 SQL Injection
https://notcve.org/view.php?id=CVE-2018-17179
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. Un problema fue descubierto en OpenEMR antes del Patch 5.0.1. Hay SQL Injection en la función make_task en /interface/forms/eye_mag/php/taskman_functions.php a través de /interface/forms/eye_mag/taskman.php. • https://github.com/openemr/openemr/commit/3e22d11c7175c1ebbf3d862545ce6fee18f70617 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •