Vulnerabilities > CVE-2023-22974 - Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

open-emr

CWE-552

NVD

Published: 2023-02-22

Updated: 2023-03-03

Summary

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Vulnerable Configurations

Part	Description	Count
Application	Open-Emr Open EMR Openemr - Open EMR Openemr 2.0.1.2 Open EMR Openemr 2.7 Open EMR Openemr 2.7.1 Open EMR Openemr 2.7.2 Open EMR Openemr 2.7.3 Open EMR Openemr 2.8.0 Open EMR Openemr 2.8.1 Open EMR Openemr 2.8.2 Open EMR Openemr 2.8.3 Open EMR Openemr 2.9.0 Open EMR Openemr 3.0.0 Open EMR Openemr 3.0.1 Open EMR Openemr 3.1.0 Open EMR Openemr 3.2.0 Open EMR Openemr 4.0.0 Open EMR Openemr 4.1.0 Open EMR Openemr 4.1.1 Open EMR Openemr 4.1.2 Open EMR Openemr 4.1.2.3 Open EMR Openemr 4.1.2.6 Open EMR Openemr 4.1.2.7 Open EMR Openemr 4.2.0 Open EMR Openemr 4.2.0.3 Open EMR Openemr 4.2.1 Open EMR Openemr 4.2.2 Open EMR Openemr 5.0.0 Open EMR Openemr 5.0.0.5 Open EMR Openemr 5.0.0.6 Open EMR Openemr 5.0.1 Open EMR Openemr 5.0.1-6 Open EMR Openemr 5.0.1.1 Open EMR Openemr 5.0.1.2 Open EMR Openemr 5.0.1.3 Open EMR Openemr 5.0.1.4 Open EMR Openemr 5.0.1.5 Open EMR Openemr 5.0.1.6 Open EMR Openemr 5.0.1.7 Open EMR Openemr 5.0.2 Open EMR Openemr 5.0.2.1 Open EMR Openemr 5.0.2.2 Open EMR Openemr 5.0.2.3 Open EMR Openemr 5.0.2.4 Open EMR Openemr 5.0.2.5 Open EMR Openemr 6.0.0 Open EMR Openemr 6.0.0.1 Open EMR Openemr 6.0.0.2 Open EMR Openemr 6.0.0.3 Open EMR Openemr 6.0.0.4 Open EMR Openemr 6.1.0 Open EMR Openemr 6.1.0.1	59

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References