Librehealth

librehealth

22 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Librehealth Ehr

librehealth_ehr

22 CVEs

CVEs (22)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-31496 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 9, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31497 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 8, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
CVE-2022-31495 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 7, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
CVE-2022-31494 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 6, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
CVE-2022-31498 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 6, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
CVE-2022-31492 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 6, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
CVE-2022-31493 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jun 6, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
CVE-2022-29940 1Librehealth 1Librehealth Ehr Nov 21, 2024 May 5, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29939 1Librehealth 1Librehealth Ehr Nov 21, 2024 May 5, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2022-29938 1Librehealth 1Librehealth Ehr Nov 21, 2024 May 5, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
CVE-2020-23829 1Librehealth 1Librehealth Ehr Nov 21, 2024 Sep 1, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uplo...Show more interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.Show less
CVE-2020-11439 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jul 15, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
CVE-2020-11438 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jul 15, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 LibreHealth EMR v2.0.0 is affected by systemic CSRF.
CVE-2020-11437 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jul 15, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
CVE-2020-11436 1Librehealth 1Librehealth Ehr Nov 21, 2024 Jul 15, 2020 N/A· v4 9.0 CRITICAL· v3 6.0 MEDIUM· v2 LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
CVE-2018-1000839 1Librehealth 1Librehealth Ehr Nov 21, 2024 Dec 20, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME ty...Show more LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. This attack appear to be exploitable via Uploading a PHP file with image MIME type.Show less
CVE-2018-1000650 1Librehealth 1Librehealth Ehr Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitabl...Show more LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters.Show less
CVE-2018-1000649 1Librehealth 1Librehealth Ehr Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead...Show more LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input.Show less
CVE-2018-1000648 1Librehealth 1Librehealth Ehr Nov 21, 2024 Aug 20, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code exe...Show more LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters.Show less
CVE-2018-1000647 1Librehealth 1Librehealth Ehr Nov 21, 2024 Aug 20, 2018 N/A· v4 7.1 HIGH· v3 5.5 MEDIUM· v2 LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled p...Show more LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter.Show less

12 Next