Remote File Inclusion Vulnerability in OpenEMR by InterMed Resources
CVE-2006-2929

Currently unrated

Key Information:

Vendor: Openemr
Status: Openemr
Vendor: CVE Published:; 9 June 2006

What is CVE-2006-2929?

The vulnerability stems from a PHP remote file inclusion flaw in the OpenEMR product, specifically within the C_FormEvaluation.class.php file when the register_globals directive is enabled. This allows remote attackers to exploit the GLOBALS[fileroot] parameter to execute arbitrary PHP code, potentially compromising the integrity and security of the affected systems.

References

http://secunia.com/advisories/20505

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/1886

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/26984

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2006
Vulnerability Reserved
Jun 9, 2006

Openemr

What is CVE-2006-2929?

References

Timeline