Home > Vulnerability Database > WS-2022-0452

Mend.io Vulnerability Database

WS-2022-0452

Good to know:

Date: September 21, 2022

Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel in openemr/openemr. An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server (remote code execution (RCE)). This was tested in openEMR version 7.0.0 (1) but also affects previous versions of openEMR. The issue is patched in version 7.0.0.2.

Language: PHP

Severity Score

7.2

Related Resources (2)

Url: https://github.com/openemr/openemr/commit/d10b1bf17b6571ac304f2d6a13d0ddeceb81dbed

Url: https://www.mend.io/vulnerability-database/WS-2022-0452

Severity Score

7.2

Weakness Type (CWE)

Command Injection

CWE-77

Top Fix

Upgrade Version

Upgrade to version v7_0_0_2

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0452

Good to know:

Date: September 21, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?