Authentication Bypass in OpenEMR 7.0.1 by OpenEMR
CVE-2023-54347

8.7HIGH

Key Information:

Vendor: Open-emr
Status: Openemr
Vendor: CVE Published:; 5 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-54347?

OpenEMR version 7.0.1 is susceptible to a brute force authentication vulnerability, where attackers can exploit the login mechanism to bypass rate limiting controls. By sending multiple login attempts via POST requests with specific parameters, they can test various username and password combinations without facing account lockout, leading to potential unauthorized access.

Affected Version(s)

OpenEMR 7.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-54347 - Proof of Concept

References

https://www.exploit-db.com/exploits/51413

exploit

https://www.open-emr.org/

product

https://github.com/openemr/openemr/archive/refs/tags/v7_0...

product

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 5, 2026
👾
Exploit known to exist
May 5, 2026
Vulnerability published
May 5, 2026
Vulnerability Reserved
Jan 10, 2026

Credit

abhhi (Abhishek Birdawade)

CVE-2023-54347 Data

JSON

Open-emr

Badges

What is CVE-2023-54347?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit