Directory Traversal Vulnerabilities in OpenEMR by OpenEMR
CVE-2012-0991

Currently unrated

Key Information:

Vendor

Openemr

Status
Openemr
Vendor
CVE Published:
7 February 2012

What is CVE-2012-0991?

OpenEMR version 4.1.0 contains multiple directory traversal vulnerabilities that can be exploited by remote authenticated users. By manipulating the formname parameter in certain PHP scripts, such as contrib/acog/print_form.php, load_form.php, view_form.php, or trend_form.php, attackers can gain unauthorized access to sensitive files on the server. This vulnerability raises significant security concerns for instances of OpenEMR that have not been patched.

References

https://www.htbridge.ch/advisory/HTB23069
x_refsource_MISC
http://osvdb.org/78727
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/51788
vdb-entryx_refsource_BID

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.