exploitDog

CVE-2021-32102

Опубликовано: 07 мая 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

Ссылки

https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Third Party Advisory
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
Vendor Advisory
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
Third Party Advisory
https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal
Third Party Advisory
https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches
Patch
Vendor Advisory
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Third Party Advisory
https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431
Vendor Advisory
https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592
Third Party Advisory
https://portswigger.net/daily-swig/healthcare-security-openemr-fixes-serious-flaws-that-lead-to-command-execution-in-patient-portal
Third Party Advisory
https://www.open-emr.org/wiki/index.php/Old_Outdated_OpenEMR_Patches
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:open-emr:openemr:5.0.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rhcp-4p8q-p678

github

больше 3 лет назад

A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.

EPSS

Процентиль: 6%

0.00024

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89