CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2493 – Data Access from Outside Expected Data Manager Component in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-2493
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. Un Acceso a Datos desde Fuera del Componente de Administración de Datos Esperado en el repositorio de GitHub openemr/openemr versiones anteriores a 7.0.0 • https://github.com/openemr/openemr/commit/871ae5198d8ca18fd17257ae7c5c906a52dca908 https://huntr.dev/bounties/8a4d54e2-e1cd-47c3-9304-ac8be87c80f1 • CWE-1083: Data Access from Outside Expected Data Manager Component •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1461 – Non Privilege User can Enable or Disable Registered in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1461
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado puede Habilitar o Deshabilitar el Registro en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/3af1f4a28a8df0e446043232214ed08cc8e0889d https://huntr.dev/bounties/690a8ec5-64fc-4180-9f1f-c3c599bae0a9 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1220: Insufficient Granularity of Access Control •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1459 – Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1459
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Un Usuario no Privilegiado Puede Visualizar las Revelaciones del Paciente en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/8f8a97724c0e8fcc4096b4b30af9aaf064ada45a https://huntr.dev/bounties/9023ca9b-a601-4e5d-8952-640c60d029f1 • CWE-639: Authorization Bypass Through User-Controlled Key CWE-1118: Insufficient Documentation of Error Handling Techniques •
CVSS: 7.3EPSS: 1%CPEs: 1EXPL: 1CVE-2022-1458 – Stored XSS Leads To Session Hijacking in openemr/openemr
https://notcve.org/view.php?id=CVE-2022-1458
Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. Un ataque de tipo XSS almacenado conlleva a un Secuestro de Sesión en el repositorio de GitHub openemr/openemr versiones anteriores a 6.1.0.1 • https://github.com/openemr/openemr/commit/31f08005e53b17d1bc921d23f7ee774930ad416d https://huntr.dev/bounties/78674078-0796-4102-a81e-f699cd6981b0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13567
https://notcve.org/view.php?id=CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Se presentan múltiples vulnerabilidades de inyección SQL en phpGACL versión 3.3.7. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •