Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0452
Date: September 21, 2022
Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel in openemr/openemr. An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server (remote code execution (RCE)). This was tested in openEMR version 7.0.0 (1) but also affects previous versions of openEMR. The issue is patched in version 7.0.0.2.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |