 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2015-4453 |
| Description: | interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.105316 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-4453 BugTraq ID: 75299 http://www.securityfocus.com/bid/75299 http://seclists.org/fulldisclosure/2015/Jun/48 http://jvn.jp/en/jp/JVN22677713/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000092 http://packetstormsecurity.com/files/132368/OpenEMR-4.2.0-Authentication-Bypass.html http://www.open-emr.org/wiki/index.php/OpenEMR_Patches |