Vulnerabilities > Open EMR > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-28 CVE-2023-2950 Unspecified vulnerability in Open-Emr Openemr
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2946 Unspecified vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2942 Unspecified vulnerability in Open-Emr Openemr
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.1
8.1
2023-05-27 CVE-2023-2943 Unspecified vulnerability in Open-Emr Openemr
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr
8.8
8.8
2023-02-22 CVE-2023-22973 Path Traversal vulnerability in Open-Emr Openemr
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
network
low complexity
open-emr CWE-22
8.8
8.8
2023-02-22 CVE-2023-22974 Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
network
low complexity
open-emr CWE-552
7.5
7.5
2022-12-17 CVE-2022-4567 Unspecified vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr
8.1
8.1
2022-12-15 CVE-2022-4504 Unspecified vulnerability in Open-Emr Openemr
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr
7.5
7.5
2022-12-15 CVE-2022-4506 Unspecified vulnerability in Open-Emr Openemr
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr
8.8
8.8
2022-08-09 CVE-2022-2732 Unspecified vulnerability in Open-Emr Openemr
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
network
low complexity
open-emr
8.3
8.3