CVSS: 8.5EPSS: 2%CPEs: 1EXPL: 3CVE-2012-0992 – OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution
https://notcve.org/view.php?id=CVE-2012-0992
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. interface/fax/fax_dispatch.php en OpenEMR v4.1.0, permite a usuarios autenticados remotamente ejecutar comandos de su elección a través de metacaracteres de linea de comandos en el parámetro file. • https://www.exploit-db.com/exploits/36651 http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html http://osvdb.org/78731 http://secunia.com/advisories/47781 http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.securityfocus.com/bid/51788 https://exchange.xforce.ibmcloud.com/vulnerabilities/72915 https://www.htbridge.ch/advisory/HTB23069 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 60%CPEs: 1EXPL: 6CVE-2012-0991 – OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-0991
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. Múltiples vulnerabilidades de salto de directorio en OpenEMR v4.1.0, permite a usuarios autenticados remotamente leer archivos de su elección a través de un .. (punto punto) en el parámetro formname en (1) contrib/acog/print_form.php; o (2) load_form.php, (3) view_form.php, o (4) trend_form.php en interface/patient_file/encounter. • https://www.exploit-db.com/exploits/36650 https://www.exploit-db.com/exploits/36649 https://www.exploit-db.com/exploits/36648 http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html http://osvdb.org/78727 http://osvdb.org/78728 http://osvdb.org/78729 http://osvdb.org/78730 http://secunia.com/advisories/47781 http://www.open-emr.org/wiki/index.php/OpenEMR_Patches http://www.securityfocus.com/bid/51788 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 2CVE-2007-0649 – OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-0649
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error. Una vulnerabilidad de sobrescritura de variables en el archivo interface/globals.php en OpenEMR versión 2.8.2 y anteriores, permite a los atacantes remotos sobrescribir variables de programa arbitrarias y conducir otras actividades no autorizadas, como dirigir ataques de (a) inclusión de archivos remotos por medio del parámetro srcdir en custom/import_xml.php o (b) ataques de tipo Cross-Site Scripting (XSS) por medio del parámetro rootdir en interface/login/login_frame.php, por medio de vectores asociados con operaciones de extracción en POST y en matrices superglobales. NOTA: este problema se cuestionó originalmente anterior a que se identificara el comportamiento del extracto en el análisis posterior a la divulgación. • https://www.exploit-db.com/exploits/29556 https://www.exploit-db.com/exploits/29557 http://attrition.org/pipermail/vim/2007-January/001254.html http://attrition.org/pipermail/vim/2007-January/001258.html http://osvdb.org/33603 http://osvdb.org/33609 http://securityreason.com/securityalert/2202 http://www.securityfocus.com/archive/1/458306/100/0/threaded http://www.securityfocus.com/archive/1/458426/100/0/threaded http://www.securityfocus.com/archive/1/458456/100/0/t • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2CVE-2006-5811 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5811
PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter. Vulnerabilidad de inclusión remota de archivo en PHP en library/translation.inc.php de OpenEMR 2.8.1, cuando register_globals está activado, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro GLOBALS[srcdir]. • https://www.exploit-db.com/exploits/2727 http://advisories.echo.or.id/adv/adv60-theday-2006.txt http://secunia.com/advisories/22695 http://securityreason.com/securityalert/1844 http://www.securityfocus.com/archive/1/450698/100/0/threaded http://www.vupen.com/english/advisories/2006/4382 https://exchange.xforce.ibmcloud.com/vulnerabilities/30036 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2006-5795 – OpenEMR 2.8.1 - 'srcdir' Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2006-5795
Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en OpenEMR 2.8.1 y versiones anteriores, cuando el registro global está habilitado, permiten a atacantes remotos la ejecución de código PHP de su elección mediante una URL en el parámetro srcdir del (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, y (d) print_billing_report.php en la ruta interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php y (i) main.php en la ruta interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, y (o) front_receipts_report.php en la ruta interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, y (r) user_info.php en la ruta interface/usergroup/; o del (s) custom/import_xml.php. • https://www.exploit-db.com/exploits/2727 http://advisories.echo.or.id/adv/adv60-theday-2006.txt http://secunia.com/advisories/22695 http://securityreason.com/securityalert/1834 http://www.securityfocus.com/archive/1/450698/100/0/threaded http://www.vupen.com/english/advisories/2006/4382 https://exchange.xforce.ibmcloud.com/vulnerabilities/30036 •