CVE-2012-0991
low
CVSS v3
—
CVSS v2
3.5
VIR risk
3.5
Description
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.htbridge.ch/advisory/HTB23069
Vendor advisory: cve@mitre.org — http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47781
Vendor advisory: cve@mitre.org — http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| openemr | openemr | 4.1.0 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html
- http://osvdb.org/78727
- http://osvdb.org/78728
- http://osvdb.org/78729
- http://osvdb.org/78730
- http://secunia.com/advisories/47781
- http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
- http://www.securityfocus.com/bid/51788
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72914
- https://www.htbridge.ch/advisory/HTB23069
CWEs
CWE-22