CVE-2023-54347

HIGH

OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54347. PoCs published by abhhi (Abhishek Birdawade).

AI-analyzed exploit summary: This script performs a brute-force attack against OpenEMR v7.0.1 by bypassing authentication mitigation mechanisms. It iterates through username and password lists, sending POST requests to the login endpoint and checking for successful authentication via redirect headers.

Description

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.

Exploits (1)

Exploit-DB · Working PoC
by abhhi (Abhishek Birdawade) · python · webapps · php
https://www.exploit-db.com/exploits/51413


Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OpenEMR v7.0.1
Authentication: none needed
Prerequisites: valid login endpoint URL · username or username list · password list
Analysis: devstral-2 · analyzed May 05, 2026

References (4)

Core References (4)

Exploit: ExploitDB-51413
https://www.exploit-db.com/exploits/51413

Product: Official Product Homepage
https://www.open-emr.org/

Third Party Advisory: VulnCheck Advisory: OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass
https://www.vulncheck.com/advisories/openemr-authentication-brute-force-mitigation-bypass

Scores

CVSS v3: 7.5
EPSS: 0.0018
EPSS Percentile: 39.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-307
Status: published
Products (2):
open-emr/openemr 7.0.1
Open-Emr/OpenEMR 7.0.1
Published: May 05, 2026
Tracked Since: May 05, 2026