CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15154
https://notcve.org/view.php?id=CVE-2018-15154
15 Aug 2018 — OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. Ocurre una inyección de comandos de sistema operativo en las versiones de OpenEMR anteriores a la 5.0.1.4 que permite que un atacante autenticado remoto ejecute comandos arbitrarios realizando una petición manipulada a... • https://github.com/openemr/openemr/pull/1757 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15149
https://notcve.org/view.php?id=CVE-2018-15149
15 Aug 2018 — SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. Vulnerabilidad de inyección SQL en interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "encounter". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15148
https://notcve.org/view.php?id=CVE-2018-15148
15 Aug 2018 — SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. Vulnerabilidad de inyección SQL en interface/patient_file/encounter/search_code.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "text". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15151
https://notcve.org/view.php?id=CVE-2018-15151
15 Aug 2018 — SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. Vulnerabilidad de inyección SQL en interface/de_identification_forms/find_code_popup.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "search_term". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15147
https://notcve.org/view.php?id=CVE-2018-15147
15 Aug 2018 — SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. Vulnerabilidad de inyección SQL en interface/forms_admin/forms_admin.php from library/registry.inc en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "id". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 48%CPEs: 1EXPL: 1CVE-2018-15153
https://notcve.org/view.php?id=CVE-2018-15153
15 Aug 2018 — OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. Ocurre una inyección de comandos de sistema operativo en las versiones de OpenEMR anteriores a la 5.0.1.4 que permite que un atacante autenticado remoto ejecute comandos arbitrarios realizando una petición manipulada a in... • https://github.com/openemr/openemr/pull/1757 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15156
https://notcve.org/view.php?id=CVE-2018-15156
15 Aug 2018 — OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. Ocurre una inyección de comandos de sistema operativo en las versiones de OpenEMR anteriores a la 5.0.1.4 que permite que un atacante autenticado remoto ejecute comandos arbitrarios realizando una petición manipulada a interface/f... • https://github.com/openemr/openemr/pull/1757 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15150
https://notcve.org/view.php?id=CVE-2018-15150
15 Aug 2018 — SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. Vulnerabilidad de inyección SQL en interface/de_identification_forms/de_identification_screen2.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante la variab... • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15155
https://notcve.org/view.php?id=CVE-2018-15155
15 Aug 2018 — OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php. Ocurre una inyección de comandos de sistema operativo en las versiones de OpenEMR anteriores a la 5.0.1.4 que permite que un atacante autenticado remoto ejecute comandos arbitrarios realizando una petición manipulada a i... • https://github.com/openemr/openemr/pull/1757 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15146
https://notcve.org/view.php?id=CVE-2018-15146
15 Aug 2018 — SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. Vulnerabilidad de inyección SQL en interface/de_identification_forms/find_immunization_popup.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "search_term". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •