OpenEMR 6.0.0 Insecure Direct Object Reference ≈ Packet Storm

Roger Wilco Exploits 1 septembre 2021 Affichages : 302

# Exploit Title: Openemr 6.0.0 - Insecure direct object references 
# Date: 31/8/2021 
# Exploit Author: Allen Enosh Upputori 
# Vendor Homepage: https://community.open-emr.org 
# Version: 6.0.0 
# Tested on: Linux 
# CVE: 2021-40352 
PoC: An attacker who has Physician Access can read messages with were sent to others members including admin messages the vulnerability exits in the print message feature = "pnotes_print.php?noteid=16" changing the "noteid=" to any other number will reveal the messages of everyone 
https://github.com/allenenosh/CVE-2021-40352

WHAT ARE YOU LOOKING FOR?

Popular Tags

OpenEMR 6.0.0 Insecure Direct Object Reference ≈ Packet Storm

Follow us on

Most popular

Tiki Wiki CMS Groupware 21.1 Authentication Bypass ≈ Packet Storm

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection ≈ Packet Storm

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation ≈ Packet Storm

Phone Shop Sales Managements System 1.0 Shell Upload ≈ Packet Storm

Monitorr 1.7.6m Authorization Bypass ≈ Packet Storm

Tomato: 1 Vulnhub Walkthrough

Category

Popular Sections

About