Page 21 of 111 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. Múltiples vulnerabilidades de inyección SQL en OpenEMR v4.1.1 permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a través de los parámetros (1) “start” o (2) “end” interface/reports/custom_report_range.php, o en el parámetro (3) form_newid en custom/chart_tracker.php. OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities. • http://secunia.com/advisories/54083 http://sourceforge.net/p/openemr/code/ci/8a8a4607ba5ae2b9eb6b6a3b1b8ed7c6ea7e03b1 http://sourceforge.net/p/openemr/discussion/202506/thread/4854b2b1/#9658 https://www.trustwave.com/spiderlabs/advisories/TWSL2013-018.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. Vulnerabilidad Cross-site scripting (XSS) en interface/main/onotes/office_comments_full.php en OpenEMR v4.1.1 , permite a atacantes remotos ejecutar secuencias de comandos web o HTML arbitrarias a través del parámetro “note”. OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/38654 http://secunia.com/advisories/54083 http://sourceforge.net/p/openemr/code/ci/8a8a4607ba5ae2b9eb6b6a3b1b8ed7c6ea7e03b1 http://sourceforge.net/p/openemr/discussion/202506/thread/4854b2b1/#9658 https://www.trustwave.com/spiderlabs/advisories/TWSL2013-018.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3

Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenEMR v4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro site. • https://www.exploit-db.com/exploits/18274 https://www.exploit-db.com/exploits/17118 http://www.exploit-db.com/exploits/18274 https://exchange.xforce.ibmcloud.com/vulnerabilities/71982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3

SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. Vulnerabilidad de inyección SQL en interface/login/validateUser.php en OpenEMR v4.1.0 y posiblemente versiones anteriores, permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro u. • https://www.exploit-db.com/exploits/18274 http://archives.neohapsis.com/archives/bugtraq/2012-01/0013.html http://seclists.org/fulldisclosure/2012/Jan/27 http://www.exploit-db.com/exploits/18274 http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.openwall.com/lists/oss-security/2012/04/17/1 http://www.openwall.com/lists/oss-security/2012/04/18/7 http://www.osvdb.org/78132 http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. Vulnerabilidad de subida de ficheros sin restricciones en la funcionalidad fotografía de paciente en OpenEMR v4, permite a atacantes remotos ejecutar código PHP de su elección mediante la carga de un archivo con una extensión ejecutable seguido de una extensión segura, accediendo entonces a él a través de una solicitud dirigida directamente al directorio del pacientes bajo documents/. • https://www.exploit-db.com/exploits/18274 http://www.exploit-db.com/exploits/18274 https://exchange.xforce.ibmcloud.com/vulnerabilities/71981 •