VYPR
Unrated severityNVD Advisory· Published Jul 5, 2015· Updated Jun 17, 2026

CVE-2015-4453

CVE-2015-4453

Description

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by (1) interface/fax/fax_dispatch_newpid.php and (2) interface/billing/sl_eob_search.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Openemr/Openemr11 versions
    cpe:2.3:a:open-emr:openemr:2.8.3:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:open-emr:openemr:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:open-emr:openemr:4.2.0:*:*:*:*:*:*:*
    • (no CPE)range: <4.2.0 patch 2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.