# Exploit Title: OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR) # Date: 31/08/2021 # Exploit Author: Allen Enosh Upputori # Vendor Homepage: https://www.open-emr.org # Software Link: https://www.open-emr.org/wiki/index.php/OpenEMR_Downloads # Version: 6.0.0 # Tested on: Linux # CVE : CVE-2021-40352 How to Reproduce this Vulnerability: 1. Install Openemr 6.0.0 2. Login as an Physician 3. Open Messages 4. Click Print 5. Change the existing "noteid=" value to another number This will reveal everybodys messages Incuding Admin only Messages
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
