VYPR

LibreHealth EHR

by LibreHealth

CVEs (6)

  • CVE-2020-11436CriJul 15, 2020
    risk 0.59cvss 9.0epss 0.01

    LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

  • CVE-2020-23829HigSep 1, 2020
    risk 0.57cvss 8.8epss 0.03

    interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.

  • CVE-2020-11439HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.02

    LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

  • CVE-2020-11438HigJul 15, 2020
    risk 0.57cvss 8.8epss 0.01

    LibreHealth EMR v2.0.0 is affected by systemic CSRF.

  • CVE-2022-29939MedMay 5, 2022
    risk 0.35cvss 5.4epss 0.01

    In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities.

  • CVE-2020-11437MedJul 15, 2020
    risk 0.28cvss 4.3epss 0.01

    LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.