|Category:||Web application abuses|
|Title:||OpenEMR Database Disclosure Vulnerability|
|Summary:||OpenEMR is prone to a database disclosure vulnerability.|
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying
because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled
MySQL server via vectors involving a crafted state parameter.
Successful exploitation allows attackers to steal the contents of the backend database: social security numbers, password hashes,
and any other sensitive data a medical records system database might hold.
All OpenEMR versions before 5.0.0 Patch 5.
Upgrade to OpenEMR 5.0.0 Patch 5 or later.
Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-16540
|Copyright||This script is Copyright (C) 2017 Greenbone Networks GmbH|