PHP Remote File Inclusion Vulnerability in OpenEMR by Artista Solutions
CVE-2006-5811

Currently unrated

Key Information:

Vendor

Openemr

Status
Openemr
Vendor
CVE Published:
8 November 2006

What is CVE-2006-5811?

The OpenEMR software version 2.8.1 is vulnerable to a PHP remote file inclusion incident rooted in the library/translation.inc.php file. This occurs when the register_globals setting is enabled, which can allow remote attackers to execute arbitrary PHP code by injecting a specially crafted URL into the GLOBALS[srcdir] parameter. If exploited, this vulnerability poses significant risks, potentially leading to unauthorized access or manipulation of the server hosting the application.

References

https://www.exploit-db.com/exploits/2727
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/450698/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/30036
vdb-entryx_refsource_XF

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.