Vulnerabilities > Open EMR > Openemr > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-22 | CVE-2022-2493 | Unspecified vulnerability in Open-Emr Openemr Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. | 8.1 |
| 2022-04-25 | CVE-2022-1459 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | 8.3 |
| 2022-03-03 | CVE-2022-25471 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0 An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | 8.1 |
| 2021-06-24 | CVE-2021-25923 | Weak Password Requirements vulnerability in Open-Emr Openemr In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit. | 8.1 |
| 2021-05-07 | CVE-2021-32101 | Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1 The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. | 8.2 |
| 2021-05-07 | CVE-2021-32102 | SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1 A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1. | 8.8 |
| 2021-05-07 | CVE-2021-32104 | SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1 A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1. | 8.8 |
| 2021-04-13 | CVE-2020-13568 | SQL Injection vulnerability in multiple products SQL injection vulnerability exists in phpGACL 3.3.7. | 8.8 |
| 2021-04-13 | CVE-2020-13566 | SQL Injection vulnerability in multiple products SQL injection vulnerabilities exist in phpGACL 3.3.7. | 8.8 |
| 2021-02-15 | CVE-2020-29143 | SQL Injection vulnerability in Open-Emr Openemr A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | 7.2 |