High severity7.5NVD Advisory· Published Nov 4, 2017· Updated May 13, 2026
CVE-2017-16540
CVE-2017-16540
Description
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.open-emr.org/wiki/index.php/OpenEMR_PatchesnvdIssue TrackingPatchVendor Advisory
- isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.htmlnvdExploitIssue TrackingThird Party Advisory
- www.securityfocus.com/bid/101983nvd
News mentions
0No linked articles in our index yet.