Search Results | AttackerKB

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-22973

Disclosure Date: February 22, 2023 (last updated October 08, 2023)

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2023-22972

Disclosure Date: February 22, 2023 (last updated October 08, 2023)

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2022-4733

Disclosure Date: December 27, 2022 (last updated October 08, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.

Attack Vector: Network Privileges: High User Interaction: Required

Attacker Value

Unknown

CVE-2022-4615

Disclosure Date: December 19, 2022 (last updated October 08, 2023)

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

Attack Vector: Network Privileges: None User Interaction: Required

129 Total Results

Displaying 11-20 of 129

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification