Open Redirect Vulnerability in phpGACL and OpenEMR Products
CVE-2020-13565
6.1 MEDIUM
What is CVE-2020-13565?
An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7 and OpenEMR versions 5.0.2 and 6.0.0. A specially crafted HTTP request can redirect users to an arbitrary URL, posing significant security risks by potentially leading users to phishing sites or malicious content. It is essential for users and administrators to apply updates promptly to mitigate this risk.
Affected Version(s)
phpGACL OpenEMR 5.0.2, OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce), phpGACL 3.3.7
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
CVSS V3.0
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
