An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
References
| Link | Resource |
|---|---|
| https://github.com/openemr/openemr | Product Third Party Advisory |
| https://securityforeveryone.com/blog/inactive-post-test/openemr-0-day-idor-vulnerability | Not Applicable |
| https://www.open-emr.org/ | Vendor Advisory |
Configurations
History
09 Mar 2022, 19:47
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-639 | |
| CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.1 |
| CPE | cpe:2.3:a:open-emr:openemr:6.0.0:*:*:*:*:*:*:* | |
| References | (MISC) https://securityforeveryone.com/blog/inactive-post-test/openemr-0-day-idor-vulnerability - Not Applicable | |
| References | (MISC) https://www.open-emr.org/ - Vendor Advisory | |
| References | (MISC) https://github.com/openemr/openemr - Product, Third Party Advisory |
03 Mar 2022, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-03-03 00:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-25471
Mitre link : CVE-2022-25471
CVE.ORG link : CVE-2022-25471
JSON object : View
Products Affected
open-emr
- openemr
CWE
CWE-639
Authorization Bypass Through User-Controlled Key