CVE-2018-15152
CRITICAL
OpenEMR < 5.0.1.4 - Unauthenticated Authentication Bypass via Patient Portal Registration
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-15152. PoCs published by Ron Jost.
AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in OpenEMR by leveraging the registration page to access restricted patient portal pages without authentication. It checks for vulnerability by verifying the presence of the registration page and then crafts a request to access protected resources.
Description
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient.
Exploits (1)
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N