CVE-2021-40352

MEDIUM

OpenEMR 6.0.0 - Unauthenticated Insecure Direct Object Reference via pnotes_print.php noteid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-40352. PoCs published by Allen Enosh Upputori, allenenosh.

AI-analyzed exploit summary This exploit describes an Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0, allowing unauthorized access to messages by manipulating the 'noteid' parameter. The steps outline how to reproduce the issue but do not include executable code.

Description

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.

Exploits (2)

exploitdb WRITEUP

by Allen Enosh Upputori · textwebappsphp

https://www.exploit-db.com/exploits/50260

View Code ZIP pw:eip

This exploit describes an Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0, allowing unauthorized access to messages by manipulating the 'noteid' parameter. The steps outline how to reproduce the issue but do not include executable code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OpenEMR 6.0.0

Auth required

Prerequisites: Access to OpenEMR as a Physician · Ability to intercept/modify requests

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 3 stars

by allenenosh · poc

https://github.com/allenenosh/CVE-2021-40352

View Code ZIP pw:eip

The repository describes an information disclosure vulnerability in OpenEMR 6.0.0 where an authenticated attacker with Physician access can read arbitrary messages by manipulating the 'noteid' parameter in 'pnotes_print.php'.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OpenEMR 6.0.0

Auth required

Prerequisites: Physician-level access to OpenEMR

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product, Vendor Advisory x_refsource_misc

https://www.open-emr.org/wiki/index.php/Securing_OpenEMR

Exploit, Third Party Advisory x_refsource_misc

https://github.com/allenenosh/CVE-2021-40352

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/164011/OpenEMR-6.0.0-Insecure-Direct-Object-Reference.html

Scores

CVSS v3 6.5

EPSS 0.0971

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-639

Status published

Products (1)

open-emr/openemr 6.0.0

Published Sep 01, 2021

Tracked Since Feb 18, 2026