CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-3964
https://notcve.org/view.php?id=CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. En OpenEMR 5.0.1 y versiones anteriores, controller.php contiene una vulnerabilidad XSS reflejada en el parámetro doc_id. Esto podría permitir a un atacante ejecutar código arbitrario en el contexto de la sesión de un usuario. • https://www.tenable.com/security/research/tra-2019-40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-3963
https://notcve.org/view.php?id=CVE-2019-3963
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. En OpenEMR 5.0.1 y versiones anteriores, controller.php contiene una vulnerabilidad XSS reflejada en el parámetro patient_id. Esto podría permitir a un atacante ejecutar código arbitrario en el contexto de la sesión de un usuario. • https://www.tenable.com/security/research/tra-2019-40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 41%CPEs: 1EXPL: 6CVE-2019-14530 – OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
https://notcve.org/view.php?id=CVE-2019-14530
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. Se descubrió un problema en custom / ajax_download.php en OpenEMR antes de 5.0.2 a través del parámetro fileName. Un atacante puede descargar cualquier de archivo (que pueda leer el usuario www-data) del almacenamiento del servidor. • https://www.exploit-db.com/exploits/50037 https://github.com/sec-it/exploit-CVE-2019-14530 https://github.com/Wezery/CVE-2019-14530 http://packetstormsecurity.com/files/163215/OpenEMR-5.0.1.7-Path-Traversal.html http://packetstormsecurity.com/files/163375/OpenEMR-5.0.1.7-Path-Traversal.html https://github.com/Hacker5preme/Exploits/tree/main/CVE-2019-14530-Exploit https://github.com/openemr/openemr/pull/2592 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14529
https://notcve.org/view.php?id=CVE-2019-14529
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. OpenEMR anterior a versión 5.0.2, permite la inyección SQL en el archivo interface/forms/eye_mag/save.php. • https://github.com/Wezery/CVE-2019-14529 https://github.com/openemr/openemr/pull/2592 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17181
https://notcve.org/view.php?id=CVE-2018-17181
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. Un problema fue descubierto en OpenEMR antes de 5.0.1 Patch 7. La SQL Injection existe en las funciones SaveAudit en /portal/lib/paylib.php y portalAudit en /portal/lib/appsql.class.php. • https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 https://www.open-emr.org/wiki/index.php/OpenEMR_Patches#5.0.1_Patch_.289.2F9.2F18.29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •