Vulnerabilities > Open EMR > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-22 CVE-2022-2493 Unspecified vulnerability in Open-Emr Openemr
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
network
low complexity
open-emr
8.1
8.1
2022-04-25 CVE-2022-1459 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.
network
low complexity
open-emr CWE-639
8.3
8.3
2022-03-03 CVE-2022-25471 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register.
network
low complexity
open-emr CWE-639
8.1
8.1
2021-06-24 CVE-2021-25923 Weak Password Requirements vulnerability in Open-Emr Openemr
In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password requirements as it does not enforce a maximum password length limit.
network
high complexity
open-emr CWE-521
8.1
8.1
2021-05-07 CVE-2021-32101 Incorrect Permission Assignment for Critical Resource vulnerability in Open-Emr Openemr 5.0.2.1
The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php.
network
low complexity
open-emr CWE-732
8.2
8.2
2021-05-07 CVE-2021-32102 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
8.8
8.8
2021-05-07 CVE-2021-32104 SQL Injection vulnerability in Open-Emr Openemr 5.0.2.1
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
network
low complexity
open-emr CWE-89
8.8
8.8
2021-04-13 CVE-2020-13568 SQL Injection vulnerability in multiple products
SQL injection vulnerability exists in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
8.8
8.8
2021-04-13 CVE-2020-13566 SQL Injection vulnerability in multiple products
SQL injection vulnerabilities exist in phpGACL 3.3.7.
network
low complexity
open-emr phpgacl-project CWE-89
8.8
8.8
2021-02-15 CVE-2020-29143 SQL Injection vulnerability in Open-Emr Openemr
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter.
network
low complexity
open-emr CWE-89
7.2
7.2