OpenEMR Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

OpenEMR is prone to SQL-injection, HTML-injection, and cross-site- scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OpenEMR 3.2.0 is vulnerable other versions may also be affected.

References

http://www.oemr.org/
http://www.sourceforge.net/projects/openemr/
https://www.securityfocus.com/bid/45575

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities