CVE-2023-22973

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.0

Description A Local File Inclusion (LFI) issue in the interface/forms/LBF/new.php file allows remote authenticated users to execute code via the formname parameter. This can be exploited by authenticated users, potentially leading to code execution.

Recommendations For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the interface/forms/LBF/new.php file or disabling the formname parameter in the affected API endpoint until a patch is available.