Remote File Inclusion Vulnerability in OpenEMR by OpenEMR
CVE-2006-5795

Currently unrated

Key Information:

Vendor

Openemr

Status
Openemr
Vendor
CVE Published:
8 November 2006

What is CVE-2006-5795?

OpenEMR versions 2.8.1 and earlier are susceptible to multiple remote file inclusion vulnerabilities when the register_globals setting is enabled. These vulnerabilities can be exploited by remote attackers to execute arbitrary PHP code by manipulating the srcdir parameter in various scripts including billing_process.php, login.php, and others. By exploiting these vulnerabilities, attackers may gain unauthorized access to sensitive system functionalities and data.

References

https://www.exploit-db.com/exploits/2727
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/450698/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/30036
vdb-entryx_refsource_XF

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.