Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-2115
Last Modified: 10 Sep 2012 12:00:00
Published: 09 Sep 2012 05:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2115

Summary

SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.

Vulnerable Systems

Application

  • Open-emr Openemr 3.1.0

  • Open-emr Openemr 3.2.0

  • Open-emr Openemr 4.0.0

  • Open-emr Openemr 4.1.0


References

XF - openemr-validateuser-sql-injection(71983)

BID - 51247

OSVDB - 78132

MLIST - [oss-security] 20120418 Re: CVE-request: OpenEMR 4.1.0 SQL-injection

MLIST - [oss-security] 20120417 CVE-request: OpenEMR 4.1.0 SQL-injection

CONFIRM - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches

MISC - http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/

EXPLOIT-DB - 18274

FULLDISC - 20120103 SQL Injection Vulnerability in OpenEMR 4.1.0


Last Updated: 27 May 2016 11:00:32