44 vulnerabilities by librehealth
CVE-2022-31496 (GCVE-0-2022-31496)
Vulnerability from nvd – Published: 2022-06-08 23:53 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T23:53:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31496",
"datePublished": "2022-06-08T23:53:04.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31497 (GCVE-0-2022-31497)
Vulnerability from nvd – Published: 2022-06-08 11:32 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T11:32:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31497",
"datePublished": "2022-06-08T11:32:38.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31495 (GCVE-0-2022-31495)
Vulnerability from nvd – Published: 2022-06-07 14:09 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T14:09:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31495",
"datePublished": "2022-06-07T14:09:53.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31494 (GCVE-0-2022-31494)
Vulnerability from nvd – Published: 2022-06-06 22:28 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T22:28:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31494",
"datePublished": "2022-06-06T22:28:14.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31498 (GCVE-0-2022-31498)
Vulnerability from nvd – Published: 2022-06-06 20:10 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T20:10:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31498",
"datePublished": "2022-06-06T20:10:49.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31492 (GCVE-0-2022-31492)
Vulnerability from nvd – Published: 2022-06-06 19:56 – Updated: 2024-08-03 07:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T19:56:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31492",
"datePublished": "2022-06-06T19:56:46.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31493 (GCVE-0-2022-31493)
Vulnerability from nvd – Published: 2022-06-06 18:18 – Updated: 2024-08-03 07:19
VLAI
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T18:18:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31493",
"datePublished": "2022-06-06T18:18:59.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29940 (GCVE-0-2022-29940)
Vulnerability from nvd – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29940",
"datePublished": "2022-05-05T11:40:30.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29939 (GCVE-0-2022-29939)
Vulnerability from nvd – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29939",
"datePublished": "2022-05-05T11:40:32.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29938 (GCVE-0-2022-29938)
Vulnerability from nvd – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
VLAI
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29938",
"datePublished": "2022-05-05T11:40:35.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23829 (GCVE-0-2020-23829)
Vulnerability from nvd – Published: 2020-09-01 16:42 – Updated: 2024-08-04 15:05
Summary
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/boku7/LibreHealth-authRCE | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48702 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T16:23:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/boku7/LibreHealth-authRCE",
"refsource": "MISC",
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"name": "https://www.exploit-db.com/exploits/48702",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23829",
"datePublished": "2020-09-01T16:42:44.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11438 (GCVE-0-2020-11438)
Vulnerability from nvd – Published: 2020-07-15 19:34 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:34:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11438",
"datePublished": "2020-07-15T19:34:10.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11436 (GCVE-0-2020-11436)
Vulnerability from nvd – Published: 2020-07-15 19:31 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:31:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11436",
"datePublished": "2020-07-15T19:31:45.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11437 (GCVE-0-2020-11437)
Vulnerability from nvd – Published: 2020-07-15 19:28 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:28:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11437",
"datePublished": "2020-07-15T19:28:07.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11439 (GCVE-0-2020-11439)
Vulnerability from nvd – Published: 2020-07-15 19:23 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:23:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11439",
"datePublished": "2020-07-15T19:23:50.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31496 (GCVE-0-2022-31496)
Vulnerability from cvelistv5 – Published: 2022-06-08 23:53 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T23:53:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31496",
"datePublished": "2022-06-08T23:53:04.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31497 (GCVE-0-2022-31497)
Vulnerability from cvelistv5 – Published: 2022-06-08 11:32 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T11:32:38.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31497",
"datePublished": "2022-06-08T11:32:38.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31495 (GCVE-0-2022-31495)
Vulnerability from cvelistv5 – Published: 2022-06-07 14:09 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T14:09:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31495",
"datePublished": "2022-06-07T14:09:53.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31494 (GCVE-0-2022-31494)
Vulnerability from cvelistv5 – Published: 2022-06-06 22:28 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&slug=librehealth2_r | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T22:28:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31494",
"datePublished": "2022-06-06T22:28:14.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31498 (GCVE-0-2022-31498)
Vulnerability from cvelistv5 – Published: 2022-06-06 20:10 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T20:10:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31498",
"datePublished": "2022-06-06T20:10:49.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31492 (GCVE-0-2022-31492)
Vulnerability from cvelistv5 – Published: 2022-06-06 19:56 – Updated: 2024-08-03 07:19
Summary
Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T19:56:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31492",
"datePublished": "2022-06-06T19:56:46.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31493 (GCVE-0-2022-31493)
Vulnerability from cvelistv5 – Published: 2022-06-06 18:18 – Updated: 2024-08-03 07:19
Summary
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T18:18:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth2_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31493",
"datePublished": "2022-06-06T18:18:59.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:19:06.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29938 (GCVE-0-2022-29938)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29938",
"datePublished": "2022-05-05T11:40:35.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29939 (GCVE-0-2022-29939)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29939",
"datePublished": "2022-05-05T11:40:32.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29940 (GCVE-0-2022-29940)
Vulnerability from cvelistv5 – Published: 2022-05-05 11:40 – Updated: 2024-08-03 06:33
Summary
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/LibreHealthIO/lh-ehr/tags | x_refsource_MISC |
| https://gitlab.com/librehealth/ehr/lh-ehr/-/tags | x_refsource_MISC |
| https://nitroteam.kz/index.php?action=researches&… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T11:40:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-29940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreHealthIO/lh-ehr/tags",
"refsource": "MISC",
"url": "https://github.com/LibreHealthIO/lh-ehr/tags"
},
{
"name": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags",
"refsource": "MISC",
"url": "https://gitlab.com/librehealth/ehr/lh-ehr/-/tags"
},
{
"name": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r",
"refsource": "MISC",
"url": "https://nitroteam.kz/index.php?action=researches\u0026slug=librehealth_r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29940",
"datePublished": "2022-05-05T11:40:30.000Z",
"dateReserved": "2022-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23829 (GCVE-0-2020-23829)
Vulnerability from cvelistv5 – Published: 2020-09-01 16:42 – Updated: 2024-08-04 15:05
Summary
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/boku7/LibreHealth-authRCE | x_refsource_MISC |
| https://www.exploit-db.com/exploits/48702 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T16:23:48.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/boku7/LibreHealth-authRCE",
"refsource": "MISC",
"url": "https://github.com/boku7/LibreHealth-authRCE"
},
{
"name": "https://www.exploit-db.com/exploits/48702",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23829",
"datePublished": "2020-09-01T16:42:44.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11438 (GCVE-0-2020-11438)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:34 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:34:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by systemic CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11438",
"datePublished": "2020-07-15T19:34:10.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11436 (GCVE-0-2020-11436)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:31 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:31:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11436",
"datePublished": "2020-07-15T19:31:45.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11437 (GCVE-0-2020-11437)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:28 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:28:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11437",
"datePublished": "2020-07-15T19:28:07.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11439 (GCVE-0-2020-11439)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:23 – Updated: 2024-08-04 11:28
Summary
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
Severity
No CVSS data available.
CWE
- n/a
Assigner: mitre
References
3 references
| URL | Tags |
|---|---|
| https://know.bishopfox.com/advisories | x_refsource_MISC |
| https://librehealth.io/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:23:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://librehealth.io/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://librehealth.io/",
"refsource": "MISC",
"url": "https://librehealth.io/"
},
{
"name": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/librehealth-version-2.0.0-0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11439",
"datePublished": "2020-07-15T19:23:50.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}