OpenEMR Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

OpenEMR is prone to SQL-injection, HTML-injection, and cross-site- scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OpenEMR 3.2.0 is vulnerable other versions may also be affected.

References

http://www.oemr.org/
http://www.sourceforge.net/projects/openemr/
https://www.securityfocus.com/bid/45575

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Directory Traversal Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities

Take action and discover your vulnerabilities