CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 6CVE-2012-0991 – OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-0991
07 Feb 2012 — Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. Múltiples vulnerabilidades de salto de directorio en OpenEMR v4.1.0, permite a usuarios autenticados remotamente leer archivos de su elección a través de un .. (punto punto) en el parámetro formname en (1) contri... • https://www.exploit-db.com/exploits/36650 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 2CVE-2007-0649 – OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0649
01 Feb 2007 — Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue w... • https://www.exploit-db.com/exploits/29556 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2006-5811 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5811
08 Nov 2006 — PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter. Vulnerabilidad de inclusión remota de archivo en PHP en library/translation.inc.php de OpenEMR 2.8.1, cuando register_globals está activado, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro GLOBALS[srcdir]. • https://www.exploit-db.com/exploits/2727 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2006-5795 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5795
08 Nov 2006 — Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.p... • https://www.exploit-db.com/exploits/2727 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2006-2929 – OpenEMR 2.8.1 - 'fileroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2929
09 Jun 2006 — PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. • https://www.exploit-db.com/exploits/1886 •