PT-2021-9642 · Openemr · Openemr

Published: 2021-01-28 · Updated: 2022-10-07 · CVE-2020-13569

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenEMR versions 5.0.2 through 6.0.0

Description: A cross-site request forgery issue exists in the GACL functionality. This allows an attacker to send a specially crafted HTTP request, leading to the execution of arbitrary requests in the context of the victim.

Recommendations: For OpenEMR version 5.0.2, update to a version that includes a fix for this issue. For OpenEMR development version 6.0.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the GACL functionality to minimize the risk of exploitation.

Weakness Enumeration: CSRF

Related Identifiers: CVE-2020-13569

Affected Products: Openemr