How does CVE-2023-22974 affect OpenEMR?

CVE-2023-22974 affects OpenEMR versions earlier than 7.0.0.

What is the severity of CVE-2023-22974?

CVE-2023-22974 has a severity rating of 7.5 (high).

How can remote unauthenticated users exploit CVE-2023-22974?

Remote unauthenticated users can exploit CVE-2023-22974 by controlling a connection to an attacker-controlled MySQL server to read arbitrary files.

Are there any patches available for CVE-2023-22974?

Yes, patches are available for CVE-2023-22974. You can find the patches at the OpenEMR official website under the 'OpenEMR Patches' section.

Vulnerability/
CVE-2023-22974

high

7.5

CWE

552 22

22/2/2023

3/3/2023

CVE-2023-22974: Path Traversal

Q: What is CVE-2023-22974?

CVE-2023-22974 is a Path Traversal vulnerability in OpenEMR < 7.0.0 that allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

First published: Wed Feb 22 2023(Updated: )

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Open-emr Openemr	<7.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-22974?
CVE-2023-22974 is a Path Traversal vulnerability in OpenEMR < 7.0.0 that allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
How does CVE-2023-22974 affect OpenEMR?
CVE-2023-22974 affects OpenEMR versions earlier than 7.0.0.
What is the severity of CVE-2023-22974?
CVE-2023-22974 has a severity rating of 7.5 (high).
How can remote unauthenticated users exploit CVE-2023-22974?
Remote unauthenticated users can exploit CVE-2023-22974 by controlling a connection to an attacker-controlled MySQL server to read arbitrary files.
Are there any patches available for CVE-2023-22974?
Yes, patches are available for CVE-2023-22974. You can find the patches at the OpenEMR official website under the 'OpenEMR Patches' section.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.