We found results for “”
WS-2022-0252
Good to know:
Date: August 2, 2022
An Insecure direct object references (IDOR) in openemr/openemr, enables users to delete other users' messages in their Message Center, by changing the delete_id parameter to delete_id value of a message which belongs to another user. As a result, an attacked user will not be able to see messages they've received from others. This affects all versions prior to 7.0.0.1.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Authorization Bypass Through User-Controlled Key
CWE-639Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |