Vendor: OpenEMR
By: Allen Enosh Upputori
CVSS: 6.5 (MEDIUM)
Insecure Direct Object Reference (IDOR)
CWE: 639
Product Name: OpenEMR
Affected Version From: 6.0.0
Affected Version To: 6.0.0
Patch Exists: YES
Related CVE: CVE-2021-40352
CPE: a:openemr:openemr:6.0.0
Metasploit: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2021

OpenEMR 6.0.0 – ‘noteid’ Insecure Direct Object Reference (IDOR)

OpenEMR 6.0.0 is affected by an Insecure Direct Object Reference (IDOR). By changing the existing 'noteid=' value to another number on the 'Print' page, an attacker can access other users' messages, including admin-only messages.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of OpenEMR.
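The control that an IDOR of this kind lacks is an object-level authorization check on the record the id points to. The following added example (not OpenEMR code and not part of the advisory) models that check in Python over a constructed sqlite table; the schema, function names and user names are assumptions.

```python
import sqlite3

def build_db():
    """Constructed sample data: a minimal message store, not OpenEMR's schema."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE notes (id INTEGER PRIMARY KEY, recipient TEXT, body TEXT)"
    )
    db.executemany("INSERT INTO notes VALUES (?, ?, ?)", [
        (1, "physician1", "Lab results ready"),
        (2, "admin", "Admin-only: backup schedule"),
        (3, "physician2", "Patient callback"),
    ])
    return db

def print_note_unchecked(db, session_user, noteid):
    """Pattern behind the IDOR: the record is selected by noteid alone,
    so the logged-in user never influences which row comes back."""
    row = db.execute("SELECT body FROM notes WHERE id = ?", (noteid,)).fetchone()
    return row[0] if row else None

def print_note_checked(db, session_user, noteid):
    """Object-level authorization: the session user is part of the lookup."""
    try:
        noteid = int(noteid)  # reject non-numeric ids before querying
    except (TypeError, ValueError):
        return None
    row = db.execute(
        "SELECT body FROM notes WHERE id = ? AND recipient = ?",
        (noteid, session_user),
    ).fetchone()
    # "Not found" and "not yours" return the same result, so the response
    # does not confirm which ids exist.
    return row[0] if row else None
```

A regression test for the fixed release can follow the same shape: request a note id owned by a different account and assert that no message body is returned.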

Exploit-DB raw data:

# Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
# Date: 31/08/2021
# Exploit Author: Allen Enosh Upputori
# Vendor Homepage: https://www.open-emr.org
# Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads
# Version:  6.0.0 
# Tested on: Linux 
# CVE : CVE-2021-40352

How to Reproduce this Vulnerability:

1. Install OpenEMR 6.0.0
2. Log in as a Physician
3. Open Messages
4. Click Print
5. Change the existing "noteid=" value to another number

This will reveal everybody's messages, including admin-only messages.