VYPR
High severity7.5OSV Advisory· Published Nov 4, 2017· Updated Jun 17, 2026

CVE-2017-16540

CVE-2017-16540

Description

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openemr/OpenemrOSV2 versions
    v2_7_2, v2_7_2-rc1, v2_7_2-rc2, …+ 1 more
    • (no CPE)range: v2_7_2, v2_7_2-rc1, v2_7_2-rc2, …
    • (no CPE)range: <5.0.0 Patch 5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.