Total: 138 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4453 | 1 Open-emr | 1 Openemr | 2025-04-12 | 5.0 MEDIUM | N/A |
interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php. | |||||
CVE-2011-5161 | 1 Open-emr | 1 Openemr | 2025-04-11 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. | |||||
CVE-2013-4620 | 1 Open-emr | 1 Openemr | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. | |||||
CVE-2011-5160 | 1 Open-emr | 1 Openemr | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. | |||||
CVE-2012-2115 | 1 Open-emr | 1 Openemr | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
CVE-2013-4619 | 1 Open-emr | 1 Openemr | 2025-04-11 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_range.php, or the (3) form_newid parameter to custom/chart_tracker.php. | |||||
CVE-2024-22611 | 1 Open-emr | 1 Openemr | 2025-04-08 | N/A | 9.8 CRITICAL |
OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php. | |||||
CVE-2023-2950 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2949 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2948 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2947 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2946 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2945 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 5.4 MEDIUM |
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2944 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 5.4 MEDIUM |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2943 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.8 HIGH |
Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2942 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2674 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-2566 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | |||||
CVE-2023-22974 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 7.5 HIGH |
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. | |||||
CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.8 HIGH |
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. |