Privilege Escalation Vulnerability in OpenEMR by OpenEMR Team
CVE-2024-26476

Currently unrated

Key Information:

Vendor: OpenEMR Team
Status: OpenEMR
Vendor: CVE Published:; 28 February 2024

🔔 Create OpenEMR Team Vulnerability Alert

What is CVE-2024-26476?

A vulnerability exists in OpenEMR versions prior to 7.0.2, where a remote attacker can exploit the ereq_form.php component. By crafting a malicious script targeting the formid parameter, the attacker is able to escalate their privileges, potentially leading to unauthorized access and control over sensitive information.

References

https://github.com/mpdf/mpdf/issues/867

https://github.com/c4v4r0n/Research/blob/main/openemr_Bli...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Feb 19, 2024