Test ID:	1.3.6.1.4.1.25623.1.0.106635
Category:	Web application abuses
Title:	OpenEMR Multiple Vulnerabilities
Summary:	OpenEMR is prone to multiple vulnerabilities.
Description:	Summary: OpenEMR is prone to multiple vulnerabilities. Vulnerability Insight: The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to 'openemr-master/gacl/admin/object_search.php' url. Furthermore, the application is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators. Vulnerability Impact: An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website orgain access to sensitive information. Affected Software/OS: OpenEMR 5.0.1-dev and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6394 BugTraq ID: 96539 http://www.securityfocus.com/bid/96539 BugTraq ID: 96576 http://www.securityfocus.com/bid/96576 https://github.com/openemr/openemr/issues/498 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000241 https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-004
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.