PT-2024-21396 · Openemr · Openemr

Maplebluexo · Published 2024-02-28 · Updated 2025-05-13 · CVE-2024-26476

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

open-emr versions prior to 7.0.2

Description

An issue in open-emr allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq form.php component.

Recommendations

For versions prior to 7.0.2, update to version 7.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ereq form.php component to minimize the risk of exploitation. Avoid using the formid parameter in the affected component until the issue is resolved.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-26476

Affected Products

Openemr