CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2007-0649 – OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0649
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error. Una vulnerabilidad de sobrescritura de variables en el archivo interface/globals.php en OpenEMR versión 2.8.2 y anteriores, permite a los atacantes remotos sobrescribir variables de programa arbitrarias y conducir otras actividades no autorizadas, como dirigir ataques de (a) inclusión de archivos remotos por medio del parámetro srcdir en custom/import_xml.php o (b) ataques de tipo Cross-Site Scripting (XSS) por medio del parámetro rootdir en interface/login/login_frame.php, por medio de vectores asociados con operaciones de extracción en POST y en matrices superglobales. NOTA: este problema se cuestionó originalmente anterior a que se identificara el comportamiento del extracto en el análisis posterior a la divulgación. • https://www.exploit-db.com/exploits/29556 https://www.exploit-db.com/exploits/29557 http://attrition.org/pipermail/vim/2007-January/001254.html http://attrition.org/pipermail/vim/2007-January/001258.html http://osvdb.org/33603 http://osvdb.org/33609 http://securityreason.com/securityalert/2202 http://www.securityfocus.com/archive/1/458306/100/0/threaded http://www.securityfocus.com/archive/1/458426/100/0/threaded http://www.securityfocus.com/archive/1/458456/100/0/t • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2CVE-2006-5811 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5811
PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter. Vulnerabilidad de inclusión remota de archivo en PHP en library/translation.inc.php de OpenEMR 2.8.1, cuando register_globals está activado, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro GLOBALS[srcdir]. • https://www.exploit-db.com/exploits/2727 http://advisories.echo.or.id/adv/adv60-theday-2006.txt http://secunia.com/advisories/22695 http://securityreason.com/securityalert/1844 http://www.securityfocus.com/archive/1/450698/100/0/threaded http://www.vupen.com/english/advisories/2006/4382 https://exchange.xforce.ibmcloud.com/vulnerabilities/30036 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2006-5795 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5795
Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en OpenEMR 2.8.1 y versiones anteriores, cuando el registro global está habilitado, permiten a atacantes remotos la ejecución de código PHP de su elección mediante una URL en el parámetro srcdir del (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, y (d) print_billing_report.php en la ruta interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php y (i) main.php en la ruta interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, y (o) front_receipts_report.php en la ruta interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, y (r) user_info.php en la ruta interface/usergroup/; o del (s) custom/import_xml.php. • https://www.exploit-db.com/exploits/2727 http://advisories.echo.or.id/adv/adv60-theday-2006.txt http://secunia.com/advisories/22695 http://securityreason.com/securityalert/1834 http://www.securityfocus.com/archive/1/450698/100/0/threaded http://www.vupen.com/english/advisories/2006/4382 https://exchange.xforce.ibmcloud.com/vulnerabilities/30036 •
CVSS: 6.8EPSS: 6%CPEs: 1EXPL: 1CVE-2006-2929 – OpenEMR 2.8.1 - 'fileroot' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2929
PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. • https://www.exploit-db.com/exploits/1886 http://secunia.com/advisories/20505 http://www.vupen.com/english/advisories/2006/2196 https://exchange.xforce.ibmcloud.com/vulnerabilities/26984 •