CVE-2012-0991: Path Traversal
First published: Tue Feb 07 2012(Updated: )
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenEMR | =4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html
- http://osvdb.org/78727
- http://osvdb.org/78728
- http://osvdb.org/78729
- http://osvdb.org/78730
- http://secunia.com/advisories/47781
- http://www.open-emr.org/wiki/index.php/OpenEMR_Patches
- http://www.securityfocus.com/bid/51788
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72914
- https://www.htbridge.ch/advisory/HTB23069
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openemr
- canonical/openemr
- version/openemr/4.1.0