CVE-2022-25471

Name of the Vulnerable Software and Affected Versions OpenEMR version 6.0.0

Description The issue is related to an Insecure Direct Object Reference (IDOR) vulnerability. It allows any authenticated attacker to access and modify unauthorized areas. This can be achieved by sending a crafted POST request to the "/modules/zend modules/public/Installer/register" API endpoint.

Recommendations For OpenEMR version 6.0.0, consider restricting access to the "/modules/zend modules/public/Installer/register" API endpoint until a patch is available. As a temporary workaround, limit the functionality of the register module to prevent unauthorized modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.