CVE-2012-0991

NUCLEI

OpenEMR 4.1.0 - Path Traversal

Description

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

Exploits (3)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/36648
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/36649
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/36650

Nuclei Templates (1)

OpenEMR 4.1 - Local File Inclusion
LOW · by daffainfo
Shodan: http.html:"openemr" || http.title:"openemr" || http.favicon.hash:1971268439
FOFA: icon_hash=1971268439 || body="openemr" || title="openemr" || app="openemr"

Scores

EPSS 0.2288
EPSS Percentile 95.9%

Details

CWE
CWE-22
Status published
Products (1)
openemr/openemr 4.1.0
Published Feb 07, 2012
Tracked Since Feb 18, 2026