Vulnerabilities > Open EMR > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-28 CVE-2023-2950 Improper Authorization vulnerability in Open-Emr Openemr
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-285
8.1
8.1
2023-05-27 CVE-2023-2946 Improper Access Control vulnerability in Open-Emr Openemr
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-284
8.1
8.1
2023-05-27 CVE-2023-2942 Improper Input Validation vulnerability in Open-Emr Openemr
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-20
8.1
8.1
2023-05-27 CVE-2023-2943 Code Injection vulnerability in Open-Emr Openemr
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
network
low complexity
open-emr CWE-94
8.8
8.8
2023-02-22 CVE-2023-22973 Path Traversal vulnerability in Open-Emr Openemr
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
network
low complexity
open-emr CWE-22
8.8
8.8
2023-02-22 CVE-2023-22974 Files or Directories Accessible to External Parties vulnerability in Open-Emr Openemr
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
network
low complexity
open-emr CWE-552
7.5
7.5
2022-12-15 CVE-2022-4506 Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
network
low complexity
open-emr CWE-434
8.8
8.8
2022-08-09 CVE-2022-2732 Missing Authorization vulnerability in Open-Emr Openemr
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
network
low complexity
open-emr CWE-862
8.3
8.3
2022-04-18 CVE-2020-13567 SQL Injection vulnerability in multiple products
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
7.5
7.5
2021-01-28 CVE-2020-13569 Cross-Site Request Forgery (CSRF) vulnerability in Open-Emr Openemr 5.0.2
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce).
network
low complexity
open-emr CWE-352
8.8
8.8