Brady Miller

**Name of the Vulnerable Software and Affected Versions** OpenEMR versions 5.0.0 and prior **Description** The issue allows attackers to bypass intended access restrictions. This is achieved via a crafted name in the `csv log html` function, located in the `library/edihistory/edih csv inc.php` file. **Recommendations** For OpenEMR versions 5.0.0 and prior, consider restricting access to the `csv log html` function until a patch is available. As a temporary workaround, avoid using crafted names that could exploit this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.