
We found results for “”
WS-2022-0452
Date: September 21, 2022
Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel in openemr/openemr. An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server (remote code execution (RCE)). This was tested in openEMR version 7.0.0 (1) but also affects previous versions of openEMR. The issue is patched in version 7.0.0.2.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |