SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'SEARCH_TERM' parameter.
https://github.com/openemr/openemr/pull/1757/files
https://www.open-emr.org/wiki/index.php/OpenEMR_Patches
https://insecurity.sh/reports/openemr.pdf
https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15151
Vulnerability: CVE-2018-15151
