CVE-2012-0991

Name of the Vulnerable Software and Affected Versions OpenEMR version 4.1.0

Description The issue allows remote authenticated users to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the formname parameter to various API endpoints, such as "/contrib/acog/print form.php", "/interface/patient file/encounter/load form.php", "/interface/patient file/encounter/view form.php", or "/interface/patient file/encounter/trend form.php".

Recommendations For OpenEMR version 4.1.0, as a temporary workaround, consider restricting access to the formname parameter in the affected API endpoints until a patch is available. Additionally, restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.