Skip to main content

Librehealth Ehr

22 CVEs product

Monthly

CVE-2022-31496 HIGH POC This Week

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Librehealth Ehr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-31497 MEDIUM This Month

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31495 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31494 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-31498 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31492 MEDIUM POC This Month

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31493 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29940 MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29939 MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29938 HIGH POC This Week

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Librehealth Ehr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-23829 HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-11439 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-11438 HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by systemic CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Librehealth Ehr
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-11437 MEDIUM POC This Month

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-11436 CRITICAL POC Act Now

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librehealth Ehr
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2018-1000839 HIGH POC This Week

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-1000650 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000649 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-1000648 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-1000647 HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Librehealth Ehr
NVD GitHub
CVSS 3.0
7.1
EPSS
1.5%
CVE-2018-1000646 HIGH POC This Week

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-1000645 MEDIUM POC This Month

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Librehealth Ehr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
EPSS 2% CVSS 8.8
HIGH POC This Week

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Librehealth Ehr
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Librehealth Ehr
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

LibreHealth EMR v2.0.0 is affected by systemic CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Librehealth Ehr
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librehealth Ehr
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Librehealth Ehr
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Librehealth Ehr
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC This Week

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Librehealth Ehr
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Librehealth Ehr
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Librehealth Ehr
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy