Rod Roark

10 exploits Active since Apr 2018
CVE-2026-25146 WRITEUP CRITICAL WRITEUP
OpenEMR 5.0.2-7.9.9 - Info Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
CVSS 9.6
CVE-2026-25146 WRITEUP CRITICAL WRITEUP
OpenEMR 5.0.2-7.9.9 - Info Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
CVSS 9.6
CVE-2026-33933 WRITEUP MEDIUM WRITEUP
Reflected XSS via Unescaped contextName Parameter in Custom Template Editor
OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS) vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in an authenticated staff member's browser session by sending them a crafted URL. The attacker does not need an OpenEMR account. Version 8.0.0.3 patches the issue.
CVSS 6.1
CVE-2026-25127 WRITEUP MEDIUM WRITEUP
OpenEMR <8.0.0 - Privilege Escalation
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.
CVSS 6.5
CVE-2026-25131 WRITEUP HIGH WRITEUP
OpenEMR <8.0.0 - Privilege Escalation
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such as Receptionist) to add and modify procedure types without proper authorization. This vulnerability is present in the /openemr/interface/orders/types_edit.php endpoint. Version 8.0.0 contains a patch.
CVSS 8.8
CVE-2018-1000218 WRITEUP MEDIUM WORKING POC
OpenEMR v5_0_1_4 - Authenticated Stored Cross-Site Scripting via Fax View File Parameter
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..
CVSS 5.4
CVE-2018-1000219 WRITEUP MEDIUM WORKING POC
OpenEMR v5_0_1_4 - Authenticated Cross-Site Scripting via 'scan' Parameter
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via The victim must visit on a specially crafted URL..
CVSS 5.4
CVE-2018-10571 WRITEUP MEDIUM WRITEUP
OpenEMR < 5.0.1 - Reflected Cross-Site Scripting via Multiple Parameters
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php.
CVSS 6.1
CVE-2018-10572 WRITEUP MEDIUM WRITEUP
OpenEMR < 5.0.1 - Authenticated Access Control Bypass via Letter Template Parameters
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
CVSS 6.5
CVE-2018-10573 WRITEUP HIGH WRITEUP
OpenEMR < 5.0.1 - Authenticated Access Control Bypass via Fax Dispatch Scan Parameter
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
CVSS 8.8