| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. |
| Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. |
| Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. |
| Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. |
| SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. |
| OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. |
| A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI. |
| A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. |
| A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. |
| Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. |
| Code Injection in GitHub repository openemr/openemr prior to 7.0.1. |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. |
| Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. |
| Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. |