CVE-2023-22974

HIGH

OpenEMR < 7.0.0 - Unauthenticated Path Traversal via setup.php MySQL Connection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-22974. PoCs published by gbrsh.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-22974, an arbitrary file read vulnerability in OpenEMR < 7.0.0. The exploit sets up a malicious MySQL server to intercept and manipulate database connection requests, allowing the attacker to read arbitrary files from the target system.

Description

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Exploits (1)

nomisec WORKING POC 10 stars
by gbrsh · poc
https://github.com/gbrsh/CVE-2023-22974

This repository contains a functional exploit for CVE-2023-22974, an arbitrary file read vulnerability in OpenEMR < 7.0.0. The exploit sets up a malicious MySQL server to intercept and manipulate database connection requests, allowing the attacker to read arbitrary files from the target system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: OpenEMR < 7.0.0
No auth needed
Prerequisites: Network access to the target OpenEMR instance · Target must be running a vulnerable version of OpenEMR (< 7.0.0)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0189
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-552
Status published
Products (1)
open-emr/openemr < 7.0.0
Published Feb 22, 2023
Tracked Since Feb 18, 2026