Security Alert Fixes

From OpenEMR Project Wiki

Revision as of 19:34, 30 November 2012 by Bradymiller (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Place to record and track OpenEMR security alerts and their fixes:

This page is outdated. Awaiting a developer to update/track this. Bradymiller 19:34, 30 November 2012 (UTC)

Arbitrary Database Creation/Database Enumeration

Fixed in most recent 4.0.0 patch and dev version

Local File Inclusion

Fixed in most recent 4.0.0 patch and dev version

Reflected Cross-site Scripting

(waiting for a developer to fix)

Security exploit: (Multiple cross-site scripting)

http://packetstormsecurity.org/files/103810
(waiting for a developer to fix)

Security exploit: (Multiple sql-injection)

http://secunia.com/advisories/46560/
(waiting for a developer to fix)

Security exploit: (One sql-injection)

http://www.exploit-db.com/exploits/17998
Fixed in most recent 4.1.0 patch and dev version

Security exploit: (One sql-injection)

http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/
Fixed in most recent 4.1.0 patch and dev version

Security exploit: (Multiple Local File Inclusion and arbitrary command execution vulnerabilities)

http://www.htbridge.ch/advisory/HTB23069
Fixed in most recent 4.1.0 patch and dev version

Retrieved from "https://www.open-emr.org/wiki/index.php?title=Security_Alert_Fixes&oldid=13077"