Main Vulnerability Database Exploits ID:4174 - Exploit for Path traversal in OpenEMR - CVE-2012-0991

ID:4174 - Exploit for Path traversal in OpenEMR - CVE-2012-0991

Published: August 11, 2020

Vulnerability identifier: #VU44327

Vulnerability risk: Low

CVE-ID: CVE-2012-0991

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
OpenEMR

Link to public exploit:

https://www.exploit-db.com/exploits/36649/

Vulnerability description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.

Remediation

Install update from vendor's website.

ID:4174 - Exploit for Path traversal in OpenEMR - CVE-2012-0991

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human