Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2012-0991
Last Modified 08 Feb 2012 12:00:00
Published 07 Feb 2012 04:55:03
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-0991

Summary

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

Vulnerable Systems

Application

  • OpenEMR 4.1.0


References

MISC - https://www.htbridge.ch/advisory/HTB23069

XF - openemr-formname-file-include(72914)

BID - 51788

CONFIRM - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

SECUNIA - 47781

OSVDB - 78730

OSVDB - 78729

OSVDB - 78728

OSVDB - 78727

BUGTRAQ - 20120201 Multiple vulnerabilities in OpenEMR


Last Updated: 27 May 2016 10:56:28