Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / open-emr

open-emr

217 tracked vulnerabilities.

CVE-2020-13565 MEDIUM

OpenEMR and phpGACL - Open Redirect via return_page Parameter

CVE-2020-36243 HIGH

OpenEMR 5.0.2.1 - Authenticated OS Command Injection via Patient Portal Backup Endpoint

CVE-2020-13564 MEDIUM

phpGACL 3.3.7 - Cross-Site Scripting via Template acl_id Parameter

CVE-2020-13563 MEDIUM

phpGACL 3.3.7 - Cross-Site Scripting via Template Group ID Parameter

CVE-2020-13562 MEDIUM

phpGACL 3.3.7 - Cross-Site Scripting via Template Action Parameter

CVE-2020-13569 HIGH

OpenEMR 5.0.2 and 6.0.0 - Cross-Site Request Forgery in GACL Functionality

CVE-2020-19364 HIGH

OpenEMR 5.0.1 - Authenticated Unrestricted Upload of File with Dangerous Type via controller.php

CVE-2019-16404 HIGH

OpenEMR < 5.0.2 - Authenticated SQL Injection via providerID Parameter

CVE-2019-17409 MEDIUM

OpenEMR 5.0.1-5.0.2.1 - Reflected Cross-Site Scripting via id Parameter

CVE-2019-16862 MEDIUM

OpenEMR 5.0.0-5.0.2.1 - Reflected Cross-Site Scripting via PID Parameter

CVE-2019-17197 CRITICAL

OpenEMR < 5.0.2 - SQL Injection in Lifestyle Demographic Filter Criteria

CVE-2019-17179 MEDIUM

OpenEMR < 5.0.2 - Stored Cross-Site Scripting

CVE-2019-8368 MEDIUM

OpenEMR 5.0.1-6 - Cross-Site Scripting

CVE-2019-8371 HIGH

OpenEMR 5.0.1-6 - Remote Code Execution via Unrestricted File Upload

CVE-2019-3968 HIGH

OpenEMR < 5.0.1 - Authenticated OS Command Injection via Scanned Forms Interface

CVE-2019-3967 MEDIUM

OpenEMR < 5.0.1 - Authenticated Path Traversal via Patient File Download Interface

CVE-2019-3966 MEDIUM

OpenEMR < 5.0.1 - Reflected Cross-Site Scripting via Foreign ID Parameter

CVE-2019-3965 MEDIUM

OpenEMR < 5.0.1 - Reflected Cross-Site Scripting via Document ID Parameter

CVE-2019-3964 MEDIUM

OpenEMR < 5.0.1 - Reflected Cross-Site Scripting via doc_id Parameter

CVE-2019-3963 MEDIUM

OpenEMR < 5.0.1 - Reflected Cross-Site Scripting via Patient ID Parameter

CVE-2019-14530 HIGH NUCLEI

OpenEMR < 5.0.2 - Path Traversal and Arbitrary File Deletion via fileName Parameter

CVE-2019-14529 CRITICAL

OpenEMR < 5.0.2 - SQL Injection via eye_mag/save.php

CVE-2018-16795 HIGH

OpenEMR 5.0.1.3 - Cross-Site Request Forgery via library/ajax and interface/super

CVE-2018-17181 CRITICAL

OpenEMR < 5.0.1.7 - SQL Injection via SaveAudit and portalAudit Functions

CVE-2018-17180 MEDIUM

OpenEMR < 5.0.1.7 - Path Traversal via docid Parameter in download_template.php

Previous Page 7 of 9 Next

Products

openemr 217 OpenEMR 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy