An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.
An attacker sends a crafted POST request containing a manipulated noteid parameter value. The application improperly verifies permissions (CWE-279 — Incorrect Execution-Assigned Permissions), allowing bypass of access control mechanisms. As a result, a remote user without any privileges can obtain a higher level of access in the system.
An attacker can obtain unauthorized elevated privileges in the OpenEMR system, potentially leading to complete application takeover and access to sensitive patient medical data.
Apply patches available from the vendor according to references — the fix was included in pull request #7435 in the OpenEMR project GitHub repository. Immediate update to a version containing this patch is recommended.
OpenEMR version 7.0.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpen Emr Openemr
APPOpen-Emr7.0.2
Related vulnerabilities
Command Injection w funkcji backup OpenEMR (wersje przed 8.0.0.2)
OpenEMR: ujawnienie tokenów API MedEx bez uwierzytelnienia (Auth Bypass)
OpenEMR: Wyciek klucza API bramki płatności do klienta w plaintext
OpenEMR: path traversal umożliwia odczyt dowolnych plików przez uwierzytelnionego użytkownika
SQL Injection w OpenEMR — narażenie danych PHI przez parametr _sort