CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17181
https://notcve.org/view.php?id=CVE-2018-17181
17 May 2019 — An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php. Un problema fue descubierto en OpenEMR antes de 5.0.1 Patch 7. La SQL Injection existe en las funciones SaveAudit en /portal/lib/paylib.php y portalAudit en /portal/lib/appsql.class.php. • https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17180
https://notcve.org/view.php?id=CVE-2018-17180
17 May 2019 — An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. Un problema fue descubierto en OpenEMR antes de la versión 5.0.1 del Patch 7 . Directory Traversal existe por medio de docid = .. / to /portal/lib/download_template.php. • https://github.com/openemr/openemr/commit/4963fe4932a0a4e1e982642226174e9931d09541 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-17179 – OpenEMR 5.0.1 Patch 6 SQL Injection
https://notcve.org/view.php?id=CVE-2018-17179
17 May 2019 — An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/forms/eye_mag/php/taskman_functions.php via /interface/forms/eye_mag/taskman.php. Un problema fue descubierto en OpenEMR antes del Patch 5.0.1. Hay SQL Injection en la función make_task en /interface/forms/eye_mag/php/taskman_functions.php a través de /interface/forms/eye_mag/taskman.php. • https://packetstorm.news/files/id/180735 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18035
https://notcve.org/view.php?id=CVE-2018-18035
02 Apr 2019 — A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. Una vulnerabilidad en flashcanvas.swf en OpenEMR, en versiones anteriores a la 5.0.1; Parche 6, podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) en un sistema objetivo. • https://www.open-emr.org/wiki/index.php/OpenEMR_Patches • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1000219
https://notcve.org/view.php?id=CVE-2018-1000219
20 Aug 2018 — OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL.. OpenEMR v5_0_1_4 contiene una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro "scan" en la línea #41 de interface/fax/fax_view.php que puede resul... • https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1000218
https://notcve.org/view.php?id=CVE-2018-1000218
20 Aug 2018 — OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL.. OpenEMR v5_0_1_4 contiene una vulnerabilidad Cross-Site Scripting (XSS) en el parámetro "file" en la línea #43 de interface/fax/fax_view.php que puede resul... • https://github.com/openemr/openemr/blob/1b495b0b3cd16daf1e5f085145d9e19dea479c7f/interface/fax/fax_view.php#L43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15154
https://notcve.org/view.php?id=CVE-2018-15154
15 Aug 2018 — OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. Ocurre una inyección de comandos de sistema operativo en las versiones de OpenEMR anteriores a la 5.0.1.4 que permite que un atacante autenticado remoto ejecute comandos arbitrarios realizando una petición manipulada a... • https://github.com/openemr/openemr/pull/1757 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15149
https://notcve.org/view.php?id=CVE-2018-15149
15 Aug 2018 — SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. Vulnerabilidad de inyección SQL en interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "encounter". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15148
https://notcve.org/view.php?id=CVE-2018-15148
15 Aug 2018 — SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. Vulnerabilidad de inyección SQL en interface/patient_file/encounter/search_code.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "text". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15151
https://notcve.org/view.php?id=CVE-2018-15151
15 Aug 2018 — SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. Vulnerabilidad de inyección SQL en interface/de_identification_forms/find_code_popup.php en versiones de OpenEMR anteriores a la 5.0.1.4 permiten que un atacante remoto autenticado ejecute comandos SQL mediante el parámetro "search_term". • https://github.com/openemr/openemr/pull/1757/files • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •