Variable Overwrite Vulnerability in OpenEMR by OpenEMR, Inc.
CVE-2007-0649
Currently unrated
What is CVE-2007-0649?
A variable overwrite vulnerability in OpenEMR 2.8.2 and earlier versions allows remote attackers to overwrite program variables. This could enable unauthorized actions, including remote file inclusion through the 'srcdir' parameter in 'custom/import_xml.php' and cross-site scripting through the 'rootdir' parameter in 'interface/login/login_frame.php'. The vulnerability arises because input from the POST and GET superglobal arrays is processed without validation, which highlights the need for secure coding practices.
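The variable-overwrite pattern described above, shown generically next to an allowlist-based alternative. This is an added example, not OpenEMR code: the function names, paths, the 'lang' field and the request values are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Configuration set by the application itself (constructed paths).
const TRUSTED_CONFIG = [
    'srcdir'  => '/var/www/app/library',
    'rootdir' => '/app/interface',
];

// Vulnerable pattern: request keys share a namespace with configuration.
// array_merge() models what extract($request) or a "$$key = $value" loop
// does to variables that are already in scope.
function import_request_unsafe(array $config, array $request): array
{
    return array_merge($config, $request);
}

// Hardened pattern: copy only allowlisted keys, validate each value, and
// keep them in a separate array so they can never collide with configuration.
function import_request_safe(array $request, array $allowed): array
{
    $input = [];
    foreach ($allowed as $name => $pattern) {
        $value = $request[$name] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $input[$name] = $value;
        }
    }
    return $input;
}

// Any value written into HTML is escaped at output time.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request whose keys collide with configuration names.
$request = [
    'srcdir'  => 'attacker-controlled-value',
    'rootdir' => '<b>attacker-controlled</b>',
    'lang'    => 'en',
];

$unsafe = import_request_unsafe(TRUSTED_CONFIG, $request);
$input  = import_request_safe($request, ['lang' => '/^[a-z]{2}$/']);

printf("unsafe srcdir replaced by request: %s\n",
    var_export($unsafe['srcdir'] !== TRUSTED_CONFIG['srcdir'], true));
printf("keys accepted by allowlist: %s\n", implode(',', array_keys($input)));
printf("srcdir used for include paths: %s\n", TRUSTED_CONFIG['srcdir']);
printf("untrusted value as HTML text: %s\n", html_attr($request['rootdir']));
```

In the hardened form, paths passed to include or require come only from the application's own configuration, so a request key named 'srcdir' or 'rootdir' has no effect on them.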